Can I monitor if a rule is triggered on a Cisco ASA?

Apr 29th, 2008

Not sure how I can do this, but I have a Windows server on a VLAN (DMZ). I have a Cisco ASA and, off the ASA, a Cisco 3750 on which I have all my VLANs for my DMZs. I have been asked to monitor if a port on a server gets triggered. Is this possible?

Basically we want to know if any Internet users are accessing the server on this port.

I just don't know where to start on this.


mhellman Tue, 04/29/2008 - 11:28

I assume you mean TCP port.

You can do this with either an IDS solution or with a SIM solution, like MARS. If you already have one, you could also probably do this with most syslog aggregator products. The key with using the SIM or syslog aggregator solution is getting the log from the ASA to the SIM/aggregator and then creating a "rule" to generate the alert.

whiteford Tue, 04/29/2008 - 23:25

All I have is a syslog server. Are the other tools you mention free?

mhellman Wed, 04/30/2008 - 04:35

No, but your syslog server might be able to do it. Can it generate an email based on the content of the syslog?
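
The syslog "rule" discussed in this thread, sketched as an added example that is not part of any poster's reply: a filter over ASA syslog lines that reports inbound TCP connections to one DMZ server port and builds the text of an alert. It assumes the ASA sends informational-level messages (message 302013, connection built) to the syslog server; the log lines, addresses, interface names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the style of ASA messages 302013/302014.
# Addresses come from documentation ranges; hostname "asa1" is made up.
SAMPLE_LOG = """\
Apr 30 2008 09:14:02 asa1 : %ASA-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.7/51522 (203.0.113.7/51522) to dmz:192.0.2.10/3389 (192.0.2.10/3389)
Apr 30 2008 09:14:05 asa1 : %ASA-6-302013: Built inbound TCP connection 1002 for outside:198.51.100.23/40211 (198.51.100.23/40211) to dmz:192.0.2.10/80 (192.0.2.10/80)
Apr 30 2008 09:14:09 asa1 : %ASA-6-302013: Built outbound TCP connection 1003 for outside:198.51.100.80/443 (198.51.100.80/443) to dmz:192.0.2.10/49152 (192.0.2.10/49152)
Apr 30 2008 09:15:30 asa1 : %ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.7/51522 to dmz:192.0.2.10/3389 duration 0:01:28 bytes 4312 TCP FINs
Apr 30 2008 09:16:11 asa1 : %ASA-6-302013: Built inbound TCP connection 1004 for outside:203.0.113.7/51530 (203.0.113.7/51530) to dmz:192.0.2.10/3389 (192.0.2.10/3389)
"""

# 302013 = TCP connection built. Only "inbound" builds are of interest here,
# so teardown (302014) and outbound lines never match.
BUILT = re.compile(
    r"%ASA-6-302013: Built inbound TCP connection (?P<conn>\d+) "
    r"for (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/\d+ \([^)]*\) "
    r"to (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)

def find_hits(lines, server_ip, port, src_if="outside"):
    """Return inbound connections from src_if to server_ip:port."""
    hits = []
    for line in lines:
        m = BUILT.search(line)
        if (m and m["src_if"] == src_if and m["dst_ip"] == server_ip
                and int(m["dst_port"]) == port):
            hits.append({"conn": int(m["conn"]), "src_ip": m["src_ip"]})
    return hits

def format_alert(hits, server_ip, port):
    """Build the text a syslog server could send as an e-mail alert."""
    if not hits:
        return ""
    per_source = Counter(h["src_ip"] for h in hits)
    body = [f"{len(hits)} inbound connection(s) to {server_ip}:{port}"]
    body += [f"  {ip}: {n}" for ip, n in per_source.most_common()]
    return "\n".join(body)

if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG.splitlines(), "192.0.2.10", 3389)
    print(format_alert(found, "192.0.2.10", 3389))
```

Matching on the connection-built message rather than on any line containing the port number keeps teardown and outbound entries from raising duplicate or false alerts.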

