Re: [fw-wiz] Syslog monitoring and usage.
From: Ng Pheng Siong (ngps_at_netmemetic.com)
Date: 07/14/04
To: Chad Thomsen <chad.thomsen@bramespecialty.com>
Date: Wed, 14 Jul 2004 06:59:15 +0800

On Mon, Jul 12, 2004 at 01:54:07PM -0400, Chad Thomsen wrote:
> I would like to better find out what the messages mean, and how to track
> down port scans, and other security related issues that syslog may
> reveal. To sum it up I want to be able to have a good understanding of a
> log file that comes from a Pix.

Your Cisco PIX docu set contains a PDF file entitled, "Cisco PIX Firewall
System Log Messages." Check that out.

On tracking down port scans, you may want to look at SnortSam and its PIX
plugin. Essentially, SnortSam is a clone of Checkpoint FW-1's Suspicious
Activity Monitor (SAM), wherein dynamic firewall rules may be
created/destroyed in response to, um, suspicious activities. ;-)

Cheers.

--
Ng Pheng Siong <ngps@netmemetic.com>
http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
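
As an added example (not part of the original post, and not SnortSam code), here is one way to spot port scans directly in PIX syslog output: count the distinct destination ports each source is denied on per target host. It assumes the `%PIX-4-106023` ACL-deny message layout, which does not appear in the thread; the log lines are constructed, the `min_ports` threshold is arbitrary, and no time window is applied.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = """\
Jul 14 06:58:01 pix1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/40001 dst inside:10.0.0.5/21 by access-group "outside_in"
Jul 14 06:58:01 pix1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/40002 dst inside:10.0.0.5/22 by access-group "outside_in"
Jul 14 06:58:02 pix1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/40003 dst inside:10.0.0.5/23 by access-group "outside_in"
Jul 14 06:58:02 pix1 %PIX-6-302013: Built inbound TCP connection 1234 for outside:203.0.113.9/5555 (203.0.113.9/5555) to inside:10.0.0.5/80 (10.0.0.5/80)
Jul 14 06:58:02 pix1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/40004 dst inside:10.0.0.5/25 by access-group "outside_in"
Jul 14 06:58:03 pix1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/40005 dst inside:10.0.0.5/80 by access-group "outside_in"
Jul 14 06:59:10 pix1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/31000 dst inside:10.0.0.5/25 by access-group "outside_in"
Jul 14 06:59:40 pix1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/31001 dst inside:10.0.0.5/25 by access-group "outside_in"
"""

# Assumed layout of the ACL-deny message. ICMP denies carry no ports and
# are skipped by this pattern.
DENY_RE = re.compile(
    r"%PIX-4-106023: Deny (?P<proto>\w+) "
    r"src (?P<src_if>[^:]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)

def parse_denies(text):
    """Yield (src_ip, dst_ip, dst_port) for each ACL-deny line; skip the rest."""
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m:
            yield m["src_ip"], m["dst_ip"], int(m["dst_port"])

def find_port_scans(text, min_ports=4):
    """Return {src_ip: {dst_ip: sorted ports}} for sources denied on at
    least min_ports distinct ports of a single destination host."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, dst, port in parse_denies(text):
        seen[src][dst].add(port)
    hits = {}
    for src, targets in seen.items():
        flagged = {d: sorted(p) for d, p in targets.items() if len(p) >= min_ports}
        if flagged:
            hits[src] = flagged
    return hits

if __name__ == "__main__":
    for src, targets in find_port_scans(SAMPLE_LOG).items():
        for dst, ports in targets.items():
            print(f"{src} probed {len(ports)} ports on {dst}: {ports}")
```

Repeated denies to the same port, such as the two mail retries from 198.51.100.7 in the sample, are not flagged because only distinct ports count.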