Re: Syslog montioring and usage.

[Ng Pheng Siong <ngps () netmemetic com>]

On Mon, Jul 12, 2004 at 01:54:07PM -0400, Chad Thomsen wrote:
> I would like to better find out what the messages mean, and how to track
> down port scans, and other security related issues that syslog may
> reveal. To sum it up I want to be able to have a good understanding of a
> log file that comes form a Pix. 

Your Cisco PIX docu set contains a PDF file entitled, "Cisco PIX Firewall
System Log Messages." Check that out.

On tracking down port scans, you may want to look at SnortSam and its PIX
plugin. Essentially, SnortSam is a clone of Checkpoint FW-1's Suspicious
Activity Monitor (SAM), wherein dynamic firewall rules may be
created/destroyed in response to, um, suspicious activities. ;-)

    http://www.snortsam.net

Cheers.

-- 
Ng Pheng Siong <ngps () netmemetic com> 

http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control 
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards