Cisco Support Community
New Member

email administrators when inspect rules are violated

I have a Pix515 and was wondering if there is an easy way to email administrators when an inspect rule is violated. For example, one of my ESMTP rules was violated and the following was logged in syslog:

%PIX-4-108004: ESMTP Classification: Dropped connection for ESMTP Request from outside:208.65.144.247/31095 to inside:mail.ddi.org_INSIDE/25; matched Class 4: header line length gt 998

It is an easy fix, but is there an easier way to be notified without looking in syslog or manually setting up for each case that I want to be notified for? Can the PIX email me if one of the inspect rules denies traffic?

3 REPLIES

Re: email administrators when inspect rules are violated

Not that I know of. You could set up SNMP on the PIX and relay all messages to a logging server, and use SNMP traps to gather the messages you want, then generate e-mails based on that.

Silver

Re: email administrators when inspect rules are violated

This is very simple. Write a simple Perl script with a regex expression and watch the syslog messages for what you want to see. Put in a condition that if the script sees it, it sends you an email. The script can be written in 5 minutes.

Gold
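The syslog-watching approach suggested in the replies, as an added example that is not code from any poster in this thread and is written in Python rather than Perl. It assumes the PIX already logs to a syslog server where this script runs; the mail addresses, the local SMTP relay and the 5-minute suppression window are hypothetical choices.

```python
import re
import smtplib
import sys
import time
from email.message import EmailMessage

WATCHED_IDS = {"108004"}  # ID from the thread's log line; add others as needed
PIX_RE = re.compile(r"%PIX-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)")
DROP_RE = re.compile(r"from (?P<src_if>[^:\s]+):(?P<src>[^/\s]+)/(?P<sport>\d+) "
                     r"to (?P<dst_if>[^:\s]+):(?P<dst>[^/\s]+)/(?P<dport>\d+); "
                     r"matched (?P<rule>.+)")
# Message text from the thread; the timestamp and host prefix are constructed.
SAMPLE = ("Jan 01 00:00:00 pix515 %PIX-4-108004: ESMTP Classification: Dropped "
          "connection for ESMTP Request from outside:208.65.144.247/31095 to "
          "inside:mail.ddi.org_INSIDE/25; matched Class 4: header line length gt 998")

def parse(line):
    """Return a dict of fields for a watched PIX message, else None."""
    m = PIX_RE.search(line.strip())  # strip CR/LF so no newline reaches a mail header
    if not m or m["id"] not in WATCHED_IDS:
        return None
    event = m.groupdict()
    d = DROP_RE.search(event["text"])
    event.update(d.groupdict() if d else {"src": "?", "rule": event["text"]})
    return event

class Alerter:
    """One mail per (source, rule) per window, so a flood of drops is one alert."""
    def __init__(self, window=300, clock=time.time):
        self.window, self.clock, self.last = window, clock, {}
    def alert_for(self, line, sender="pix@example.com", rcpt="admin@example.com"):
        event = parse(line)
        if event is None:
            return None
        key, now = (event["id"], event["src"], event["rule"]), self.clock()
        if key in self.last and now - self.last[key] < self.window:
            return None  # same source and rule alerted recently: suppress
        self.last[key] = now
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, rcpt
        msg["Subject"] = f"PIX-{event['sev']}-{event['id']} from {event['src']}: {event['rule']}"
        msg.set_content(line.strip() + "\n")
        return msg

if __name__ == "__main__":  # usage: tail -F <syslog file> | python3 <this script>
    alerter = Alerter()
    for line in sys.stdin:
        if (mail := alerter.alert_for(line)) is not None:
            with smtplib.SMTP("localhost") as relay:  # assumed local mail relay
                relay.send_message(mail)
```

The suppression key includes the source address and the matched class, so a single sender retrying the same rejected message produces one mail per window while a different source or rule still alerts immediately.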