Security Basics mailing list archives
RE: [fw-wiz] RE: Router Internet Monitoring
From: Mark Teicher <mht3 () earthlink net>
Date: Sun, 28 Sep 2003 11:27:50 -0600
Private I is an excellent Cisco PIX Log Manager. Much better than any other product on the market.

/mark

At 01:43 PM 9/5/2003, Brian Recore wrote:

On the pix you can suppress different types of messages so you won't see them in the log. You do it by the specific message number at the beginning of the log message. I have done it for one or two messages but I would think much more than that would be too administrative. It could also defeat the whole purpose of logging because you suppress the messages for everything not just per interface (I am pretty sure).

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of George Peek
Sent: Thursday, September 04, 2003 12:22 PM
To: 'rogue'; George Peek
Cc: 'security-basics () securityfocus com'; 'owen () delong com'; 'firewall-wizards () honor icsalabs com'
Subject: [fw-wiz] RE: Router Internet Monitoring

Problem with Pix is it is logging literally everything, hence we have multiple DMZs.. for frame, dial-up, internet, internal, etc. I have not fully explored filtering, we use Kiwi Syslog Daemon for logging but the file grows extremely huge. In the future, SQL solution (which it supports) will be implemented but for now I need something live to monitor. Can you use the Cisco Pix Device Manager to filter the log?

-----Original Message-----
From: rogue [mailto:rogue () nocdemon net]
Sent: Thursday, September 04, 2003 9:29 AM
To: George Peek
Cc: 'security-basics () securityfocus com'; 'owen () delong com'; 'firewall-wizards () honor icsalabs com'
Subject: Re: Router Internet Monitoring

if you tell your PIX to log to a syslog server and ramp up the PIX logging to informational you'll see every URL connection made from within your network.

-rogue

On Wed, 3 Sep 2003, George Peek wrote:

> This may be a bit offtopic, if so please excuse me. I am looking for a
> solution to monitor the live traffic (i.e. incoming/outgoing traffic, incl.
> able to determine what url the user is going to) on our Cisco 2620. Freeware
> would be great, linux solution is ok. I don't want to use a network capture
> utility such as sniffer, fluke or iris. Pix has the device manager
> which comes in handy. I can enable logging via SNMP, but it is text
> based, a GUI utility that will sort that information would be very
> cool.
>
> Thank You,
> George Peek

--
==================
rogue () nocdemon net {\o0|
==================

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
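The thread's three points (URL records showing up at informational level, suppression by message number, and a syslog file too large to read) can be handled at the collector instead of on the PIX. The sketch below is an added example, not part of any message in this thread; the log lines are constructed, and the `%PIX-<severity>-<message number>:` layout and the `Accessed URL` record format are assumptions about the device's syslog output.

```python
import re
from collections import Counter

# Constructed sample (not from the thread). Assumed layout: syslog prefix,
# then "%PIX-<severity>-<message number>: <text>".
SAMPLE_LOG = """\
Sep 04 09:29:01 10.0.0.1 %PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/80 to inside:10.0.0.25/1041
Sep 04 09:29:01 10.0.0.1 %PIX-5-304001: 10.0.0.25 Accessed URL 198.51.100.7:/index.html
Sep 04 09:29:02 10.0.0.1 %PIX-6-302014: Teardown TCP connection 101 duration 0:00:01 bytes 4120
Sep 04 09:29:03 10.0.0.1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/4431 dst dmz:192.0.2.10/23
Sep 04 09:29:04 10.0.0.1 %PIX-5-304001: 10.0.0.31 Accessed URL 203.0.113.9:/mail/inbox
Sep 04 09:29:05 10.0.0.1 %PIX-6-302013: Built outbound TCP connection 102 for outside:203.0.113.9/80 to inside:10.0.0.31/1077
Sep 04 09:29:06 kiwi -- MARK --
""".splitlines()

TAG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}):\s*(?P<text>.*)$")
URL = re.compile(r"(?P<src>\S+) Accessed URL (?P<dst>[^:\s]+):(?P<path>\S*)")


def parse(lines):
    """Yield (severity, message number, text) for lines carrying a PIX tag."""
    for line in lines:
        m = TAG.search(line)
        if m:
            yield int(m["sev"]), m["msgid"], m["text"]


def volume_by_message(lines):
    """Count lines per message number, to see what is filling the file."""
    return Counter(msgid for _, msgid, _ in parse(lines))


def url_hits(lines):
    """Return (client, server, path) for each 'Accessed URL' record."""
    hits = []
    for _, _, text in parse(lines):
        m = URL.match(text)
        if m:
            hits.append((m["src"], m["dst"], m["path"]))
    return hits


def drop_messages(lines, suppressed):
    """Drop listed message numbers at the collector; keep everything else."""
    def keep(line):
        m = TAG.search(line)
        return m is None or m["msgid"] not in suppressed
    return [line for line in lines if keep(line)]


if __name__ == "__main__":
    print(volume_by_message(SAMPLE_LOG).most_common())
    print(url_hits(SAMPLE_LOG))
    print(len(drop_messages(SAMPLE_LOG, {"302013", "302014"})), "lines kept")
```

Filtering this way leaves the device's own logging untouched, so a message number dropped from the live view is still present in the raw file if it is needed later.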