RE: PIX Logging Analysis

[John Adams <jna () retina net>]

On Wed, 19 Mar 2003, Perrymon, Josh L. wrote:

> This is an interesting problem with the PIX. I'm looking into writing a log
> viewer myself. The problem is that I don't know
> of a way for the PIX to report this data to my backend. From what I know I
> only get info from debugs and so on...   

We chose to send all of the logging data (syslog) off to a single syslog 
host, and then used tools to import the syslogs into our database in a 
parsed form. The tools (and link) I provided with PIXiE will do this.

I haven't done much work with PIXiE in the last year or two but I'm 
considering restarting the project. Help is always appreciated on it, as 
the PIX software has run through a few versions since the initial writing. 

> I would like to have something that listed all the traffic passing through
> the PIX..  This has to be possible..  

If you really want that, use the Caida tools (netflow, cflow, etc) and
record flows on each side of the firewall.

Create a pair of SPAN ports off your switch, going into your flow monitor
or a passive (optical) splitter on fiber connections. Use the supplied 
tools to show what you're passing/blocking and where it's coming from. 

--john
 
-- 
J. Adams                                        http://www.retina.net/~jna

The secret of knowing where you are, is knowing what time it is. -- Anonymous


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards