Re: [fw-wiz] RE: Router Internet Monitoring

From: James Fields (jvfields_at_tds.net)
Date: 09/30/03

    To: "Brian Recore" <brecore@mindsync.net>, "'George Peek'" <GKPeek@AllstateTicketing.com>, "'rogue'" <rogue@nocdemon.net>, "Mark Teicher" <mht3@earthlink.net>
    Date: Mon, 29 Sep 2003 18:45:59 -0400
    
    

    Another choice is netForensics (http://www.netforensics.com). We compared
    Private I and NF and chose NF - no regrets about that. NF has excellent
    ties to Cisco - in fact, Cisco is now selling an appliance with NF embedded
    in it. Plus side is NF is very robust, uses Oracle for back end, and
    integrates your PIX logs with just about any other security device you have
    to give you a more homogenous view of your security. Downside is cost -
    it's expensive - really expensive.

    ----- Original Message -----
    From: "Mark Teicher" <mht3@earthlink.net>
    To: "Brian Recore" <brecore@mindsync.net>; "'George Peek'"
    <GKPeek@AllstateTicketing.com>; "'rogue'" <rogue@nocdemon.net>
    Cc: <security-basics@securityfocus.com>; <owen@delong.com>;
    <firewall-wizards@honor.icsalabs.com>
    Sent: Sunday, September 28, 2003 1:27 PM
    Subject: RE: [fw-wiz] RE: Router Internet Monitoring

    > Private I is an excellent Cisco PIX Log Manager. Much better than any
    > other product on the market
    >
    > /mark
    >
    > At 01:43 PM 9/5/2003, Brian Recore wrote:
    >
    > >On the pix you can suppress different types of messages so you won't see
    > >them in the log. You do it by the specific message number at the beginning
    > >of the log message. I have done it for one or two messages but I would
    > >think much more than that would be too administrative. It could also defeat
    > >the whole purpose of logging because you suppress the messages for
    > >everything not just per interface (I am pretty sure).
    > >
    > >-----Original Message-----
    > >From: firewall-wizards-admin@honor.icsalabs.com
    > >[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of George Peek
    > >Sent: Thursday, September 04, 2003 12:22 PM
    > >To: 'rogue'; George Peek
    > >Cc: 'security-basics@securityfocus.com'; 'owen@delong.com';
    > >'firewall-wizards@honor.icsalabs.com'
    > >Subject: [fw-wiz] RE: Router Internet Monitoring
    > >
    > >
    > >Problem with Pix is it is logging literally everything, hence we have
    > >multiple DMZs.. for frame, dial-up, internet, internal, etc. I have not
    > >fully explored filtering, we use Kiwi Syslog Daemon for logging but the file
    > >grows extremely huge. In the future, SQL solution (which it supports) will
    > >be implemented but for now I need something live to monitor.
    > >
    > >Can you use the Cisco Pix Device Manager to filter the log?
    > >
    > >-----Original Message-----
    > >From: rogue [mailto:rogue@nocdemon.net]
    > >Sent: Thursday, September 04, 2003 9:29 AM
    > >To: George Peek
    > >Cc: 'security-basics@securityfocus.com'; 'owen@delong.com';
    > >'firewall-wizards@honor.icsalabs.com'
    > >Subject: Re: Router Internet Monitoring
    > >
    > >
    > >
    > >if you tell your PIX to log to a syslog server and ramp up the PIX logging
    > >to informational you'll see every URL connection made from within your
    > >network.
    > >
    > >-rogue
    > >
    > >On Wed, 3 Sep 2003, George Peek wrote:
    > >
    > > > This may be a bit offtopic, if so please excuse me. I am looking for a
    > > > solution to monitor the live traffic (i.e. incoming/outgoing traffic, incl.
    > > > able to determine what url the user is going to) on our Cisco 2620. Freeware
    > > > would be great, linux solution is ok. I don't want to use a network capture
    > > > utility such as sniffer, fluke or iris. Pix has the device manager
    > > > which comes in handy. I can enable logging via SNMP, but it is text
    > > > based, a GUI utility that will sort that information would be very
    > > > cool.
    > > >
    > > > Thank You,
    > > > George Peek
    ----------------------------------------------------------------------------
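
Added example (not part of the thread and not code from any of the posters): the thread discusses suppressing PIX messages by message number and notes that doing so on the firewall removes them everywhere. This sketch instead filters by message number on the syslog collector, for display only, so the stored log stays complete. The sample lines are constructed, the function names are hypothetical, and the "%PIX-severity-id: text" and "Accessed URL" layouts are assumed from standard PIX syslog output.

```python
import re
from collections import Counter

# Constructed sample lines in the "%PIX-<severity>-<message id>: text" layout.
SAMPLE = """\
Sep 04 2003 09:29:01 fw1 %PIX-6-302013: Built outbound TCP connection 101 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.1.1.5/1025 (198.51.100.2/1025)
Sep 04 2003 09:29:01 fw1 %PIX-5-304001: 10.1.1.5 Accessed URL 192.0.2.10:/index.html
Sep 04 2003 09:29:02 fw1 %PIX-6-302014: Teardown TCP connection 101 for outside:192.0.2.10/80 to inside:10.1.1.5/1025 duration 0:00:01 bytes 4312
Sep 04 2003 09:29:05 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4431 dst dmz:198.51.100.9/23 by access-group "outside_in"
Sep 04 2003 09:29:09 fw1 %PIX-5-304001: 10.1.1.8 Accessed URL 192.0.2.44:/mail/login
""".splitlines()

PIX_RE = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")
URL_RE = re.compile(r"(?P<client>\S+) Accessed URL (?P<server>[^:\s]+):(?P<path>\S*)")

def parse(lines):
    """Yield (severity, message_id, text) for every line that carries a PIX tag."""
    for line in lines:
        m = PIX_RE.search(line)
        if m:
            yield int(m["sev"]), m["msgid"], m["text"]

def volume_by_id(lines):
    """Count lines per message ID: shows which IDs make the file grow."""
    return Counter(msgid for _, msgid, _ in parse(lines))

def live_view(lines, hide_ids=frozenset(), max_sev=6):
    """Filter for display only; the stored log still holds every message."""
    return [(s, i, t) for s, i, t in parse(lines)
            if i not in hide_ids and s <= max_sev]

def url_accesses(lines):
    """Return (client, server, path) for each 'Accessed URL' message (304001)."""
    out = []
    for _, msgid, text in parse(lines):
        m = URL_RE.match(text) if msgid == "304001" else None
        if m:
            out.append((m["client"], m["server"], m["path"]))
    return out

if __name__ == "__main__":
    print(volume_by_id(SAMPLE).most_common())
    for row in live_view(SAMPLE, hide_ids={"302013", "302014"}):
        print(row)
    print(url_accesses(SAMPLE))
```

Running volume_by_id over a day's file first shows which message numbers account for the growth before anything is hidden from the live view.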
    
