11-04-2002 03:53 PM - edited 02-20-2020 09:19 PM
Hello,
Simple question, really. I'm looking for a simple, inexpensive syslog analyzer that will monitor acl deny messages, and output intrusion signature information.
Thanks,
Chris Ranch
11-04-2002 04:20 PM
We're logging to a MS SQL Server v7 database, and then running sql scripts like
SELECT DateTimeLocal, MessageText
FROM Syslog
WHERE DateTimeLocal Like 'Oct __ 2002%' AND MessageText Like '%Line protocol on Interface Ethernet0/1%'
ORDER BY DateTimeLocal DESC;
to search for certain conditions. Make this a stored procedure, and then you can use the Web Assistant to output web pages at regular intervals for any condition that is logged to the table. We have a special web site that produces hourly reports - all network devices log to this database.
-Jeff
11-05-2002 10:24 AM
Thanks Jeff, but that doesn't help. I have a Kiwi syslog server, and the reports I'm interested in are attack signatures based on acl deny messages. Something like Reportgen from RnR, but for acls, not PIX.
Thanks anyway.
Chris
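Added example, not part of any post in this thread and not code from Kiwi or RnR: a Python script that parses Cisco IOS %SEC-6-IPACCESSLOGP deny lines from a syslog file and groups them by source to flag port-scan and host-sweep patterns. The sample log lines, the thresholds and the function name summarize are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation address ranges, not from the thread).
# The last line is a non-ACL message and must be ignored by the parser.
SAMPLE = """\
Nov  5 10:01:02 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(4021) -> 192.0.2.10(21), 1 packet
Nov  5 10:01:02 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(4022) -> 192.0.2.10(22), 1 packet
Nov  5 10:01:03 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(4023) -> 192.0.2.10(23), 1 packet
Nov  5 10:01:03 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(4024) -> 192.0.2.10(25), 1 packet
Nov  5 10:05:10 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.7(1055) -> 192.0.2.10(1434), 1 packet
Nov  5 10:05:10 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.7(1055) -> 192.0.2.11(1434), 1 packet
Nov  5 10:05:11 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.7(1055) -> 192.0.2.12(1434), 1 packet
Nov  5 10:09:40 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.50(3300) -> 192.0.2.10(80), 3 packets
Nov  5 10:10:00 rtr1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down
"""

DENY = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

def summarize(lines, port_threshold=4, host_threshold=3):
    """Group ACL denies by source and label scan-like patterns.
    Thresholds are illustrative assumptions, not tuned values."""
    ports = defaultdict(set)    # (src, dst)   -> distinct destination ports
    hosts = defaultdict(set)    # (src, dport) -> distinct destination hosts
    packets = defaultdict(int)  # src          -> total denied packets
    for line in lines:
        m = DENY.search(line)
        if not m:
            continue  # permits, interface messages, other facilities
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        ports[(src, dst)].add(dport)
        hosts[(src, dport)].add(dst)
        packets[src] += int(m["count"])
    findings = []
    for (src, dst), p in ports.items():
        if len(p) >= port_threshold:    # one source probing many ports on one host
            findings.append((src, "port scan", dst, len(p)))
    for (src, dport), h in hosts.items():
        if len(h) >= host_threshold:    # one source probing one port on many hosts
            findings.append((src, "host sweep", f"port {dport}", len(h)))
    return sorted(findings), dict(packets)
```

The ACL entries must end in the log keyword for the router to emit these messages at all.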
11-26-2002 03:08 PM
07-02-2018 11:15 PM
Cisco ACL checker https://plclip.com/video/e31Uz46AKn0/aclcheck.html