Network Traffic Monitoring

Jun 19th, 2008

Hi, I have set up all ASA FWs at different locations and made site-to-site tunnels and remote VPN, and everything is working fine. As far as I know, accounting in the AAA server keeps records of what users have done. Does the syslog server contain all information about every inbound and outbound packet on all interfaces of the Cisco ASA? I have to monitor all traffic. How may I determine, from a security standpoint, which packet is genuine and which is not? And if I learn about attacks, which steps must I take? Thanks...

Farrukh Haroon Fri, 06/20/2008 - 03:30

To really know about the attacks you would need a good IPS solution. The ASA (without the AIP-SSM module) is a device whose primary function is 'access control' and not attack detection and mitigation (even though there is limited support for such configurations).


Regards


Farrukh

ray_stone Fri, 06/20/2008 - 07:14

Thanks Farrukh, I really appreciate it... Can you please suggest any software with which I could monitor interface traffic? Does a syslog server do the same work for the Cisco ASA? Can you please send a link to documentation so I can understand IPS better? What does AIP-SSM stand for? Thanks...

dhananjoy chowdhury Sun, 06/22/2008 - 02:05

Hi

If you are looking to monitor NW traffic from a security point of view, you can try an open-source SIM tool like OSSIM.

If you only want to monitor NW devices/interfaces for uptime/availability/CPU/memory usage etc., then you can try OpenNMS or Nagios.

merabtavart Fri, 07/22/2011 - 02:00

Check

http://www.vpnttg.com/


The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address, and for each VPN tunnel it stores historical monitoring data in the SQL server and in the RRD (Round Robin Database) file.


HTH
