Security Basics mailing list archives

Re: [fw-wiz] RE: Router Internet Monitoring


From: "James Fields" <jvfields () tds net>
Date: Mon, 29 Sep 2003 18:45:59 -0400

Another choice is netForensics (http://www.netforensics.com).  We compared
Private I and NF and chose NF - no regrets about that.  NF has excellent
ties to Cisco - in fact, Cisco is now selling an appliance with NF embedded
in it.  Plus side is NF is very robust, uses Oracle for back end, and
integrates your PIX logs with just about any other security device you have
to give you a more homogenous view of your security.  Downside is cost -
it's expensive - really expensive.

----- Original Message -----
From: "Mark Teicher" <mht3 () earthlink net>
To: "Brian Recore" <brecore () mindsync net>; "'George Peek'"
<GKPeek () AllstateTicketing com>; "'rogue'" <rogue () nocdemon net>
Cc: <security-basics () securityfocus com>; <owen () delong com>;
<firewall-wizards () honor icsalabs com>
Sent: Sunday, September 28, 2003 1:27 PM
Subject: RE: [fw-wiz] RE: Router Internet Monitoring


Private I is an excellent Cisco PIX Log Manager.  Much better than any
other product on the market

/mark

At 01:43 PM 9/5/2003, Brian Recore wrote:

On the pix you can suppress different types of messages so you won't see
them in the log. You do it by the specific message number at the beginning
of the log message. I have done it for one or two messages but I would
think much more than that would be too administrative. It could also defeat
the whole purpose of logging because you suppress the messages for
everything not just per interface (I am pretty sure).

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of George
Peek
Sent: Thursday, September 04, 2003 12:22 PM
To: 'rogue'; George Peek
Cc: 'security-basics () securityfocus com'; 'owen () delong com';
'firewall-wizards () honor icsalabs com'
Subject: [fw-wiz] RE: Router Internet Monitoring


Problem with Pix is it is logging literally everything, hence we have
multiple DMZs.. for frame, dial-up, internet, internal, etc. I have not
fully explored filtering, we use Kiwi Syslog Daemon for logging but the file
grows extremely huge. In the future, SQL solution (which it supports) will
be implemented but for now I need something live to monitor.

Can you use the Cisco Pix Device Manager to filter the log?

-----Original Message-----
From: rogue [mailto:rogue () nocdemon net]
Sent: Thursday, September 04, 2003 9:29 AM
To: George Peek
Cc: 'security-basics () securityfocus com'; 'owen () delong com';
'firewall-wizards () honor icsalabs com'
Subject: Re: Router Internet Monitoring



if you tell your PIX to log to a syslog server and ramp up the PIX logging
to informational you'll see every URL connection made from within your
network.

-rogue

On Wed, 3 Sep 2003, George Peek wrote:

This may be a bit offtopic, if so please excuse me. I am looking for a
solution to monitor the live traffic (i.e. incoming/outgoing traffic, incl.
able to determine what url the user is going to) on our Cisco 2620. Freeware
would be great, linux solution is ok. I don't want to use a network capture
utility such as sniffer, fluke or iris. Pix has the device manager
which comes in handy. I can enable logging via SNMP, but it is text
based, a GUI utility that will sort that information would be very
cool.

Thank You,
George Peek
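
An added example, not part of the original thread or any poster's code: filtering the syslog file on the collector by PIX message number keeps the full record on disk while cutting what an analyst has to read, and still pulls out the URL entries the thread mentions. The sample lines are constructed, and the timestamp prefix, the message numbers chosen for dropping, and the "Accessed URL" text layout are assumptions to check against your own logs.

```python
import re
from collections import Counter

# Constructed sample lines in the style of collected PIX syslog (not from the thread).
SAMPLE = """\
Sep 04 2003 09:29:01 192.0.2.1 %PIX-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.0.0.5/1025 (192.0.2.10/1025)
Sep 04 2003 09:29:01 192.0.2.1 %PIX-5-304001: 10.0.0.5 Accessed URL 198.51.100.7:/index.html
Sep 04 2003 09:29:02 192.0.2.1 %PIX-5-304001: 10.0.0.5 Accessed URL 198.51.100.7:/images/logo.gif
Sep 04 2003 09:29:03 192.0.2.1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/4000 dst inside:10.0.0.8/135 by access-group "outside_in"
Sep 04 2003 09:29:04 192.0.2.1 %PIX-5-304001: 10.0.0.9 Accessed URL 198.51.100.20:/news/today.html
Sep 04 2003 09:29:05 192.0.2.1 %PIX-6-302014: Teardown TCP connection 1001 duration 0:00:04 bytes 5120
this line is not a PIX message
"""

# Every PIX message starts with %PIX-<severity>-<message number>:
PIX_RE = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$")
# Assumed layout of the URL message text: "<source> Accessed URL <dest>:<path>"
URL_RE = re.compile(r"^(?P<src>\S+) Accessed (?:JAVA )?URL (?P<dst>[^:\s]+):\s*(?P<path>\S*)")

def parse(line):
    """Return (severity, message number, text), or None for non-PIX lines."""
    m = PIX_RE.search(line)
    if not m:
        return None
    return int(m["sev"]), m["msgid"], m["text"]

def filter_log(lines, drop_ids=frozenset(), max_sev=6):
    """Yield parsed records, skipping dropped message numbers and any
    severity numerically above max_sev (i.e. less urgent)."""
    for line in lines:
        rec = parse(line)
        if rec and rec[1] not in drop_ids and rec[0] <= max_sev:
            yield rec

def url_report(lines, drop_ids=frozenset()):
    """Return (URL hits per (inside host, destination), kept volume per message number)."""
    hits, volume = Counter(), Counter()
    for _sev, msgid, text in filter_log(lines, drop_ids):
        volume[msgid] += 1
        m = URL_RE.match(text) if msgid == "304001" else None
        if m:
            hits[(m["src"], m["dst"] + m["path"])] += 1
    return hits, volume

if __name__ == "__main__":
    hits, volume = url_report(SAMPLE.splitlines(), drop_ids={"302013", "302014"})
    for (src, url), n in sorted(hits.items()):
        print(f"{src:12} {n:3} {url}")
    print("kept per message number:", dict(volume))
```

Run it first with an empty `drop_ids` to see which message numbers dominate the file before deciding what to hide from the live view.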


