Educause Security Discussion mailing list archives

Re: Network flow log consolidation


From: "Jenkins, Matthew" <mjenkins7 () FAIRMONTSTATE EDU>
Date: Tue, 25 Apr 2006 16:40:43 -0400

I have seen the Cisco IDS modules do SNMP traps.  I haven't had time to
configure them yet (they were purchased with some other equipment).  I
was wondering if maybe I could set up an SNMP trap server and get the
output going to a text stream on a Unix box.

Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
304.367.4955
Visit us online at www.fairmontstate.edu


-----Original Message-----
From: Graham Toal [mailto:gtoal () UTPA EDU] 
Sent: Tuesday, April 25, 2006 4:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Network flow log consolidation

Speaking of MARS, does anyone know of an open source 
application for collecting logs off of Cisco IDS modules?  
MARS wasn't in the budget this year :-)

Many years ago when I ran a small ISP and we couldn't afford
the latest Cisco routers with SNMP, we managed to do OK using
the Unix (also Windows I think, now) command "expect" to telnet
(or now ssh) into a router and output any counters etc. from
the command line.  Probably something like "show log" I would
imagine.  Since it is really an interactive session it's a
useful trick to set the page size to 0 so that you can output
a lot of information without having to hit space every page.

There's a good O'Reilly book on Expect, but from what I
remember it's quite easy to install and get a trivial program
running by cribbing from the included example scripts so you
may not need the book.


Graham
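The expect approach described in Graham's message, written out as an added example (not a script from the original thread): it logs in over ssh, disables paging with `terminal length 0`, and records the output of `show logging` to a file. The hostname and username arguments, the ROUTER_PASS environment variable, and the prompt pattern are assumptions; adjust them for the device.

```expect
#!/usr/bin/expect -f
# Collect "show logging" from a Cisco IOS device over ssh.
# Added example, not from the original thread.  Host, user, prompt
# pattern and the ROUTER_PASS variable are assumptions; the password
# is read from the environment rather than written into the script.
#
# Usage: ROUTER_PASS=... ./collect-log.exp router.example.edu admin

if {[llength $argv] != 2 || ![info exists env(ROUTER_PASS)]} {
    puts stderr "usage: ROUTER_PASS=... collect-log.exp <host> <user>"
    exit 1
}

set timeout 30
set host [lindex $argv 0]
set user [lindex $argv 1]
set pass $env(ROUTER_PASS)
set outfile "$host-[clock format [clock seconds] -format %Y%m%d-%H%M%S].log"

# Assumed prompt: anything ending in ">" (user exec) or "#" (privileged).
set prompt {[>#] ?$}

# Refuse unknown host keys instead of silently trusting a new one.
spawn ssh -o StrictHostKeyChecking=yes $user@$host
expect {
    -re {[Pp]assword:} { send "$pass\r" }
    timeout { puts stderr "no password prompt from $host"; exit 1 }
}
expect {
    -re $prompt {}
    -re {[Pp]assword:} { puts stderr "login failed on $host"; exit 1 }
    timeout { puts stderr "no prompt after login"; exit 1 }
}

# Disable paging so a long "show logging" does not stop at --More--.
send "terminal length 0\r"
expect -re $prompt

# Record only the command output into the file, not the login exchange.
log_file -noappend $outfile
send "show logging\r"
expect -re $prompt
log_file

send "exit\r"
expect eof
puts "wrote $outfile"
```

Run it from cron on the Unix box to get the periodic text stream the thread is asking about; the same pattern works for other "show" commands by changing the one `send` line.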
