Cisco Support Community
New Member

alerting / reporting pix 515

hi there

we are using a pix 515 within our company. the only problem not solved yet is the alerting and reporting by the pix. SNMP traps and syslogd are configured and sent to a linux server and stored in files. for logging, this is ok, but what possibilities do I have if I want an alert (e.g. email) to be sent if a portscan or other attack happens? do I have to write my own parser? I hope there is a linux tool which helps me filter for certain messages and take the appropriate action, or some other alerting mechanism. I couldn't find any useful information on cisco's website.

thanks so much for your effort.

hans

2 REPLIES
Silver

Re: alerting / reporting pix 515

There are two Windows products that might help you. The first is PIX Firewall manager which has some basic reporting and alerting. This is available on Cisco’s site. The other is by Cisco’s partner at www.opensystems.com called Private I. I know of nothing for a unix platform. You might also consider IDS for intrusion detection and scanning capabilities.

New Member

Re: alerting / reporting pix 515

Hi Hans,

PIX 6.X comes with some basic IDS capabilities. If you were to configure the PIX IDS to send alerts to the Linux syslog server, you could use something like the program swatch to watch the syslog file and send an alert based on a string match.

Swatch is a small Perl program that is set up to watch a log file for a string, and when it sees the string it can be set up to send an email. Basic, but it works.

Regards Brett
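The watch-and-mail approach described in the replies, sketched as an added example (not code from the thread or from Cisco). It assumes the PIX IDS syslog layout shown in the comment, a local MTA on localhost, and placeholder example.com addresses; the sample lines are constructed.

```python
import re
import smtplib
from email.message import EmailMessage

# Assumed PIX 6.x IDS syslog layout (not taken from the thread):
#   %PIX-4-4000nn: IDS:<sig_id> <sig_name> from <src> to <dst> on interface <if>
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
IDS_RE = re.compile(
    r"%PIX-(?P<sev>\d)-(?P<msgid>4000\d\d):\s*IDS:(?P<sig>\d+)\s+(?P<name>.+?)"
    rf"\s+from\s+(?P<src>{IP})\s+to\s+(?P<dst>{IP})\s+on interface\s+(?P<ifname>\S+)"
)
# Constructed sample lines: two identical IDS hits and one unrelated message.
SAMPLE = [
    "Mar  3 10:15:01 fw1 %PIX-4-400013: IDS:2003 ICMP redirect from 10.4.1.2 to 10.2.1.1 on interface dmz",
    "Mar  3 10:15:02 fw1 %PIX-4-400013: IDS:2003 ICMP redirect from 10.4.1.2 to 10.2.1.1 on interface dmz",
    "Mar  3 10:15:03 fw1 %PIX-6-302013: Built outbound TCP connection (constructed non-IDS line)",
]

def parse_ids(line):
    """Return the fields of a PIX IDS message as a dict, or None for other lines."""
    m = IDS_RE.search(line)
    return m.groupdict() if m else None

def process(lines, seen, now, window=300,
            sender="pix-alert@example.com", rcpt="admin@example.com"):
    """Turn IDS lines into e-mails, at most one per (source, signature) per window.

    `seen` maps (src, sig) to the time of the last alert, so a scan that
    produces hundreds of log lines does not produce hundreds of mails.
    """
    out = []
    for line in lines:
        ev = parse_ids(line)
        if ev is None:
            continue
        key = (ev["src"], ev["sig"])
        if now - seen.get(key, float("-inf")) < window:
            continue  # already alerted recently for this source and signature
        seen[key] = now
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, rcpt
        # Subject uses only digit/IP fields; free-text log content stays in the body.
        msg["Subject"] = f"PIX IDS {ev['sig']} from {ev['src']}"
        msg.set_content(line.strip())
        out.append(msg)
    return out

def send(messages, host="localhost"):
    """Hand the alerts to the local MTA (assumed to accept mail on port 25)."""
    with smtplib.SMTP(host) as smtp:
        for msg in messages:
            smtp.send_message(msg)
```

In use, the lines would come from following the syslog file, with `now` taken from `time.time()`.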
