04-29-2008 07:42 AM - edited 02-21-2020 02:00 AM
Hi,
Not sure how I can do this, but I have a windows server on a VLAN (DMZ). I have a Cisco ASA and off the ASA a Cisco 3750 which I have all my VLAN's for my DMZ's. I have been asked to monitor if a port on a server gets triggered, is this possible?
Basically we want to know if any Internet users are accessing the server on this port.
I just don't know where to start on this.
Thanks
04-29-2008 11:28 AM
I assume you mean TCP port.
You can do this with either an IDS solution or with a SIM solution, like MARS. If you already have one, you could also probably do this with most syslog aggregator products. The key with using the SIM or syslog aggregator solution is getting the log from the ASA to the SIM/aggregator and then creating a "rule" to generate the alert.
04-29-2008 11:25 PM
All I have is a syslog server, are the other tools you mention free?
04-30-2008 04:35 AM
No, but your syslog server might be able to do it. Can it generate an email based on the content of the syslog?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: