Re: [fw-wiz] Yeah - new syslog server



Hey Brian,

Perhaps look into something like SmokePing?
(http://oss.oetiker.ch/smokeping/) You could have one of your
management boxes run SmokePing and set one of its 'targets' to be the
inside interface of one of your client's firewalls. Then just add the
correct ACL to let you icmp/ip whatever the inside interface over the
VPN. SmokePing gives you packet loss and latency in pretty graphs (view
across HTTP). In theory it should show packet loss when your VPN
tunnels disconnect for a reason such as their Internet connection
going down. :)

Cheers,

Will

On 15/06/06, Brian Loe <knobdy@xxxxxxxxx> wrote:
So, my company is getting nailed for not meeting its SLA agreements
for uptime. Because of this my manager has asked me for a way to
monitor VPN uptimes (for one). Now, and if someone here knows
something different PLEASE tell, all of our site-to-site VPN endpoints
are either a Cisco router (older 2600s I believe) or a PIX (515s I
think). I haven't found a way to monitor the tunnels on those devices
because there isn't an "interface-like" OID. The system I use to
monitor everything else can gather data from SNMP polls or scripts and
a host of other things - but I haven't found anything for these
tunnels on these devices.

After explaining that to my boss I stated that I'm pretty sure I could
monitor *downtime* with a syslog server. He said good, spec one and
we'll get it ordered. We've placed an order for an IBM 510 with a
usable 1.2TB RAID array. This SHOULD be plenty for doing this, and
complying with any future requirements we might have (DITSCAP, for
one) allowing 11 months of archived data, 1 month of live data (all
raw) and the various "break-out" log files.

I've got a few scripts from others on this list that I'll be using for
everything - just wondering if anyone here has experience with the
tunnel monitoring part?
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



