email administrators when inspect rules are violated
I have a Pix515 and was wondering if there is an easy way to email administrators when an inspect rule is violated. For example one of my ESMTP rules was violated and the following was logged in syslog:
%PIX-4-108004: ESMTP Classification: Dropped connection for ESMTP Request from outside:188.8.131.52/31095 to inside:mail.ddi.org_INSIDE/25; matched Class 4: header line length gt 998
It is an easy fix, but is there an easier way to be notified without looking in syslog or manually setting up for each case that I want to be notified for? Can the pix email me if one of the inspect rules denies traffic?
Re: email administrators when inspect rules are violated
This is very simple. Write a simple Perl script with a regex expression and watch the syslog messages for what you want to see. Put in a condition that if the script sees it, it sends you an email. The script can be written in 5 minutes.
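An added example, not part of either post, of the kind of watcher the reply describes, written in Python rather than Perl. The function names and the throttle interval are assumptions, and the regex is fitted to the single 108004 line quoted in the question.

```python
import re
import time
from email.message import EmailMessage

# The line quoted in the question, used as the reference format.
SAMPLE = "%PIX-4-108004: ESMTP Classification: Dropped connection for ESMTP Request from outside:188.8.131.52/31095 to inside:mail.ddi.org_INSIDE/25; matched Class 4: header line length gt 998"
WATCHED_IDS = {"108004"}   # message IDs to mail on; extend as needed
THROTTLE_SECONDS = 300     # assumed: one mail per (id, source) per 5 minutes
PIX_RE = re.compile(r"%PIX-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)")
DROP_RE = re.compile(
    r"from (?P<src_if>[^:\s]+):(?P<src>\S+)/(?P<sport>\d+) "
    r"to (?P<dst_if>[^:\s]+):(?P<dst>\S+)/(?P<dport>\d+); matched (?P<rule>.*)"
)
_last_sent = {}

def parse(line):
    """Return a dict for a watched PIX message, or None for anything else."""
    m = PIX_RE.search(line)
    if not m or m["id"] not in WATCHED_IDS:
        return None
    event = {"sev": m["sev"], "id": m["id"], "text": m["text"].strip()}
    d = DROP_RE.search(event["text"])
    if d:
        event.update(d.groupdict())
    return event

def build_alert(event, sender, recipient, now=None):
    """Build the mail, or return None if this (id, source) was mailed recently."""
    now = time.time() if now is None else now
    key = (event["id"], event.get("src"))
    if now - _last_sent.get(key, float("-inf")) < THROTTLE_SECONDS:
        return None
    _last_sent[key] = now
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    # Only the numeric ID goes in the Subject; log text is remote-influenced, so it stays in the body.
    msg["Subject"] = f"PIX inspect drop: message {event['id']}"
    msg.set_content("\n".join(f"{k}: {v}" for k, v in event.items()))
    return msg

def watch(lines, sender, recipient, send):
    """Feed log lines (a tailed file or sys.stdin); call send(msg) for each alert."""
    sent = 0
    for event in filter(None, map(parse, lines)):
        msg = build_alert(event, sender, recipient)
        if msg:
            send(msg)
            sent += 1
    return sent
```

Pass the `send_message` method of an `smtplib.SMTP` connection as `send`, and the syslog file the PIX logs to (or `sys.stdin` fed by `tail -F`) as `lines`. The throttle keeps a single noisy source from flooding the mailbox.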