Re: [fw-wiz] [OT?] Accounting from PIX Logs

From: "Security Guy" <security@xxxxxxxxxxxx>
Date: Wed, 28 Mar 2007 08:42:46 -0400

This perl script might help you:

http://groups.google.ca/group/comp.dcom.sys.cisco/browse_thread/thread/972a527ba458f06/37ddb0b6234c1e48#37ddb0b6234c1e48

another option (also discussed in that thread) would be to mirror the
inside port of the PIX and run traffic analysis against that (there
are numerous apps that will do this for you, I just can't think of any
off the top of my head), but this would require a switch that supports
mirroring and another box to do the analysis. More complicated, but
you're probably going to get a more accurate reading than groking what
you get from the PIX syslog output

HTH

-Karl

On 3/27/07, Adrian Grigorof <adi@xxxxxxxxxxxx> wrote:

Hello,

Not open source but good (we hope):
http://www.eventid.net/firegen/firegenpix2.asp (I am one of
the developers).

Regards,

Adrian Grigorof
www.altairtech.ca
www.eventid.net

fRANz wrote:
Hi.
Anyone can suggest me a good solution (preferred OpenSource) for
summarizing and accounting Cisco PIX (ver. 6.x, 7.x) logs?

Regards,
-f
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

--
-Karl
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Follow-Ups:
- Re: [fw-wiz] [OT?] Accounting from PIX Logs
  - From: Shahin Ansari

References:
- [fw-wiz] [OT?] Accounting from PIX Logs
  - From: fRANz
- Re: [fw-wiz] [OT?] Accounting from PIX Logs
  - From: Adrian Grigorof

Prev by Date: Re: [fw-wiz] [OT?] Accounting from PIX Logs
Next by Date: [fw-wiz] FW: OT? New compromise.
Previous by thread: Re: [fw-wiz] [OT?] Accounting from PIX Logs
Next by thread: Re: [fw-wiz] [OT?] Accounting from PIX Logs
Index(es):
- Date
- Thread

Relevant Pages

Re: [fw-wiz] [OT?] Accounting from PIX Logs
... another option would be to mirror the ... inside port of the PIX and run traffic analysis against that (there ... On 3/27/07, Adrian Grigorof wrote: ...
(Firewall-Wizards)
Re: Open port PIX 501
... :i can't open the port in my PIX. ... :I need open the port 1000 to point to the IP 10.254.254.222. ... in practice only DNS servers doing zone transfers need tcp. ... of UDP, it would be a highly unusual client which did not stick ...
(comp.dcom.sys.cisco)
Re: Testing A Cisco PIX 501
... and it uses let's say 53 DNS port or HTTP 80 port ... Optionally write a test bench. ... I would like to, for example, be safer from trojans. ... my PIX, my PC is also cabled to the PIX and my wireless router is also ...
(comp.security.firewalls)
RE: [fw-wiz] ? re: PIX port translation config
... however inorder to perform the port mapping you need to use the following ... Also make sure you do not have 'sysopt noproxyarp dmz' defined or the pix ... wont proxy arp on that interface. ... > and need assistence with the config. ...
(Firewall-Wizards)
Re: Allowing icomming connections?
... >I am suspecting that one of my users is allowing an Internet IP Addy ... I see many of the below lines (PIX log) where the UDP ... Port on C.C.C.C remains constant as well, ... ports on A.A.A.A increment and that that tells you "that NAT remains active". ...
(comp.dcom.sys.cisco)