Firewall Wizards mailing list archives

RE: Router Internet Monitoring


From: George Peek <GKPeek () AllstateTicketing com>
Date: Thu, 4 Sep 2003 12:21:53 -0700

Problem with Pix is it is logging literally everything, hence we have
multiple DMZs.. for frame, dial-up, internet, internal, etc. I have not
fully explored filtering, we use Kiwi Syslog Daemon for logging but the file
grows extremely huge. In the future, SQL solution (which it supports) will
be implemented but for now I need something live to monitor.

Can you use the Cisco Pix Device Manager to filter the log?

-----Original Message-----
From: rogue [mailto:rogue () nocdemon net]
Sent: Thursday, September 04, 2003 9:29 AM
To: George Peek
Cc: 'security-basics () securityfocus com'; 'owen () delong com';
'firewall-wizards () honor icsalabs com'
Subject: Re: Router Internet Monitoring



If you tell your PIX to log to a syslog server and ramp up the PIX logging
to informational, you'll see every URL connection made from within your
network.

-rogue

On Wed, 3 Sep 2003, George Peek wrote:

This may be a bit off-topic, if so please excuse me. I am looking for a
solution to monitor the live traffic (i.e. incoming/outgoing traffic, incl.
able to determine what url the user is going to) on our Cisco 2620. Freeware
would be great, linux solution is ok. I don't want to use a network capture
utility such as sniffer, fluke or iris. Pix has the device manager which
comes in handy. I can enable logging via SNMP, but it is text based, a GUI
utility that will sort that information would be very cool.

Thank You,
George Peek




-- 
==================
rogue () nocdemon net
             {\o0|
==================
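
The thread's two points (informational-level PIX syslog records each URL request, and the resulting file is too large to read raw) can be combined by filtering the syslog file down to the URL-access messages only. The following is an added example, not part of the original messages: it assumes the PIX URL message has ID 304001 with the layout shown in the comment, and the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout of the PIX URL-logging message (ID 304001):
#   %PIX-5-304001: [user@]src_ip Accessed URL dest_ip:url
URL_MSG = re.compile(
    r"%PIX-\d-304001: (?:(?P<user>\S+)@)?(?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"Accessed URL (?P<dst>\d{1,3}(?:\.\d{1,3}){3}):\s*(?P<url>\S*)"
)

# Constructed sample of a mixed syslog file (documentation/private addresses).
SAMPLE_LOG = """\
Sep 04 2003 12:01:10 10.1.1.1 %PIX-6-302013: Built outbound TCP connection 4101
Sep 04 2003 12:01:10 10.1.1.1 %PIX-5-304001: 10.1.1.23 Accessed URL 192.0.2.80:/index.html
Sep 04 2003 12:01:12 10.1.1.1 %PIX-5-304001: 10.1.1.23 Accessed URL 192.0.2.80:/images/logo.gif
Sep 04 2003 12:01:15 10.1.1.1 %PIX-6-302014: Teardown TCP connection 4101
Sep 04 2003 12:02:01 10.1.1.1 %PIX-5-304001: 10.1.1.40 Accessed URL 203.0.113.9:/mail/inbox
Sep 04 2003 12:02:05 10.1.1.1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/4431
"""


def url_events(lines):
    """Yield (src, dst, url) for each URL-access message; skip all other lines."""
    for line in lines:
        m = URL_MSG.search(line)
        if m:
            yield m["src"], m["dst"], m["url"]


def summarize(lines):
    """Count URL requests per (internal host, destination server) pair."""
    return Counter((src, dst) for src, dst, _ in url_events(lines))


if __name__ == "__main__":
    # Replace SAMPLE_LOG.splitlines() with an open file handle to scan a
    # real syslog file line by line without loading it into memory.
    for (src, dst), n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(f"{src:15} -> {dst:15} {n} request(s)")
```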