Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
458
Views
0
Helpful
3
Replies

Can I monitor if a rule is triggered on a Cisco ASA?

whiteford
Level 1
Level 1

‎04-29-2008 07:42 AM - edited ‎02-21-2020 02:00 AM

Hi,

Not sure how I can do this, but I have a windows server on a VLAN (DMZ). I have a Cisco ASA and off the ASA a Cisco 3750 which I have all my VLAN's for my DMZ's. I have been asked to monitor if a port on a server gets triggered, is this possible?

Basically we want to know if any Internet users are accessing the server on this port.

I just don't know where to start on this.

Thanks

0 Helpful
3 Replies 3

mhellman
Level 7
Level 7

‎04-29-2008 11:28 AM

I assume you mean TCP port.

You can do this with either an IDS solution or with a SIM solution, like MARS. If you already have one, you could also probably do this with most syslog aggregator products. The key with using the SIM or syslog aggregator solution is getting the log from the ASA to the SIM/aggregator and then creating a "rule" to generate the alert.

0 Helpful

whiteford
Level 1
Level 1
In response to mhellman

‎04-29-2008 11:25 PM

All I have is a syslog server, are the other tools you mention free?

0 Helpful

mhellman
Level 7
Level 7
In response to whiteford

‎04-30-2008 04:35 AM

No, but your syslog server might be able to do it. Can it generate an email based on the content of the syslog?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card