Can I monitor if a rule is triggered on a Cisco ASA?

Unanswered Question
Apr 29th, 2008

Hi,

Not sure how I can do this, but I have a Windows server on a VLAN (DMZ). I have a Cisco ASA and, off the ASA, a Cisco 3750 on which I have all my VLANs for my DMZs. I have been asked to monitor if a port on a server gets triggered. Is this possible?

Basically we want to know if any Internet users are accessing the server on this port.

I just don't know where to start on this.

Thanks

mhellman Tue, 04/29/2008 - 11:28

I assume you mean TCP port.

You can do this with either an IDS solution or with a SIM solution, like MARS. If you already have one, you could also probably do this with most syslog aggregator products. The key with using the SIM or syslog aggregator solution is getting the log from the ASA to the SIM/aggregator and then creating a "rule" to generate the alert.

whiteford Tue, 04/29/2008 - 23:25

All I have is a syslog server. Are the other tools you mention free?

mhellman Wed, 04/30/2008 - 04:35

No, but your syslog server might be able to do it. Can it generate an email based on the content of the syslog?
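
The kind of syslog-content "rule" described in the replies above, as an added example that is not part of the original thread: a Python filter that picks out ASA messages 302013 (connection built) and 106100 (ACL hit) for one server port. It assumes the ASA sends informational-level logs to the syslog server; the server address, port, interface names, sample log lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed placeholders (documentation address range); not from the thread.
SERVER_IP, SERVER_PORT, INTERNET_IF = "192.0.2.10", 8443, "outside"

# 302013: Built inbound TCP connection <id> for <if>:<src>/<port> (..) to <if>:<dst>/<port> (..)
BUILT = re.compile(
    r"%(?:ASA|PIX)-6-302013: Built inbound TCP connection \d+ for "
    r"(?P<src_if>[^:\s]+):(?P<src>[\d.]+)/\d+ \([^)]*\) to "
    r"[^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
# 106100: access-list <name> permitted|denied tcp <if>/<src>(<port>) -> <if>/<dst>(<port>)
ACL_HIT = re.compile(
    r"%(?:ASA|PIX)-\d-106100: access-list \S+ (?P<action>permitted|denied) tcp "
    r"(?P<src_if>[^/\s]+)/(?P<src>[\d.]+)\(\d+\) -> "
    r"[^/\s]+/(?P<dst>[\d.]+)\((?P<dport>\d+)\)")

def match_line(line, ip=SERVER_IP, port=SERVER_PORT, src_if=INTERNET_IF):
    """Return (source IP, event) if the line shows traffic to ip:port arriving on src_if."""
    for event, rx in (("connection built", BUILT), ("acl", ACL_HIT)):
        m = rx.search(line)
        if m is None:
            continue
        if (m["dst"], int(m["dport"]), m["src_if"]) != (ip, port, src_if):
            return None  # right message type, wrong server, port or interface
        action = m.groupdict().get("action")
        return m["src"], f"{event} {action}" if action else event
    return None  # teardowns, other message IDs, non-ASA lines

def summarize(lines):
    """Count matching events per (source IP, event); feed this to whatever sends the alert."""
    return Counter(hit for hit in map(match_line, lines) if hit)

# Constructed sample syslog lines.
SAMPLE_LOG = """\
Apr 29 2008 11:30:01 asa1 : %ASA-6-302013: Built inbound TCP connection 4101 for outside:198.51.100.23/40211 (198.51.100.23/40211) to dmz:192.0.2.10/8443 (192.0.2.10/8443)
Apr 29 2008 11:30:05 asa1 : %ASA-6-302013: Built inbound TCP connection 4102 for outside:198.51.100.23/40212 (198.51.100.23/40212) to dmz:192.0.2.10/80 (192.0.2.10/80)
Apr 29 2008 11:31:10 asa1 : %ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.77(51515) -> dmz/192.0.2.10(8443) hit-cnt 1 first hit
Apr 29 2008 11:32:00 asa1 : %ASA-6-302014: Teardown TCP connection 4101 for outside:198.51.100.23/40211 to dmz:192.0.2.10/8443 duration 0:01:59 bytes 5120 TCP FINs
Apr 29 2008 11:33:20 asa1 : %ASA-6-302013: Built inbound TCP connection 4103 for outside:198.51.100.40/40900 (198.51.100.40/40900) to dmz:192.0.2.11/8443 (192.0.2.11/8443)
"""

if __name__ == "__main__":
    for (src, event), n in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {src} -> {SERVER_IP}:{SERVER_PORT} ({event}) x{n}")
```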
