05-23-2002 06:30 AM - edited 02-20-2020 10:04 PM
hi there
We are using a PIX 515 within our company. The only problem not solved yet is the alerting and reporting by the PIX. SNMP traps and syslogd are configured and sent to a Linux server and stored into files. For logging this is OK, but what possibilities do I have if I want an alert (e.g. email) to be sent if a portscan or other attack happens? Do I have to write my own parser? I hope there is a Linux tool which helps me out to filter for certain messages and take the appropriate action, or any other way of alerting mechanism. I couldn't find any useful information on Cisco's website.
thanks so much for your effort.
hans
05-30-2002 01:52 PM
There are two Windows products that might help you. The first is PIX Firewall Manager, which has some basic reporting and alerting. This is available on Cisco's site. The other is by Cisco's partner at www.opensystems.com, called Private I. I know of nothing for a Unix platform. You might also consider IDS for intrusion detection and scanning capabilities.
05-31-2002 03:40 AM
Hi Hans,
PIX 6.X comes with some basic IDS capabilities. If you were to configure the PIX IDS to send alerts to the Linux syslog server, you could use something like the program swatch to watch the syslog file and send an alert based on a string match.
Swatch is a small Perl program that is set up to watch a log file for a string and, when it sees the string, can be set up to send an email. Basic, but it works.
Regards Brett
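As an added illustration of the swatch-style approach Brett describes (this is example code, not from the thread, from Cisco or from swatch): a small Python watcher that tails the syslog file, matches PIX IDS messages on the "IDS:" string, suppresses repeats of the same signature from the same source for a few minutes, and mails what is left. The log line format, signature numbers, addresses and the local SMTP relay are assumptions; the sample lines are constructed.

```python
import re
import time
import smtplib
from email.message import EmailMessage

# Assumed PIX 6.x IDS syslog shape: "%PIX-4-4000nn: IDS:<sig> <text> from <src> to <dst> on interface <if>".
IDS_RE = re.compile(r"%PIX-\d-4000\d\d: IDS:(?P<sig>\d+) (?P<desc>.+?) from (?P<src>\S+)"
                    r" to (?P<dst>\S+) on interface (?P<iface>\S+)")

SAMPLE_LOG = [  # (epoch, line) pairs, constructed for this example, not captured from a real PIX
    (1000, "May 23 06:30:01 pix %PIX-6-302013: Built outbound TCP connection 12 for outside:10.0.0.5/80"),
    (1001, "May 23 06:30:02 pix %PIX-4-400013: IDS:2003 ICMP redirect from 10.9.9.9 to 192.168.1.1 on interface outside"),
    (1003, "May 23 06:30:04 pix %PIX-4-400013: IDS:2003 ICMP redirect from 10.9.9.9 to 192.168.1.2 on interface outside"),
    (1400, "May 23 06:36:41 pix %PIX-4-400013: IDS:2003 ICMP redirect from 10.9.9.9 to 192.168.1.1 on interface outside"),
]

def parse_ids_line(line):
    """Return the fields of a PIX IDS syslog line as a dict, or None for any other line."""
    m = IDS_RE.search(line)
    return m.groupdict() if m else None

def collect_alerts(events, throttle=300):
    """Yield one alert text per (signature, source) per throttle window (seconds).

    events is an iterable of (epoch, line); the timestamp is passed in so the
    throttle is testable. The live tail below supplies time.time()."""
    last_sent = {}
    for ts, line in events:
        ev = parse_ids_line(line)
        if ev is None:
            continue  # ordinary connection/syslog line, nothing to alert on
        key = (ev["sig"], ev["src"])
        if key in last_sent and ts - last_sent[key] < throttle:
            continue  # same signature from the same source already reported recently
        last_sent[key] = ts
        yield "PIX IDS sig %s (%s) from %s to %s on %s" % (
            ev["sig"], ev["desc"], ev["src"], ev["dst"], ev["iface"])

def mail_alert(text, to_addr, from_addr="pix-alert@example.com", host="localhost"):
    """Hand one alert to the local MTA (assumes an SMTP listener on localhost)."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "PIX IDS alert", from_addr, to_addr
    msg.set_content(text)
    with smtplib.SMTP(host) as smtp:
        smtp.send_message(msg)

def follow(path):
    """Yield (epoch, line) for lines appended to the syslog file, like tail -f."""
    with open(path) as f:
        f.seek(0, 2)  # start at the end so old entries are not re-alerted
        while True:
            line = f.readline()
            if not line:
                time.sleep(1)
                continue
            yield time.time(), line

if __name__ == "__main__":  # path and recipient are placeholders
    for alert in collect_alerts(follow("/var/log/pix.log")):
        mail_alert(alert, "admin@example.com")
```

The same match/throttle/mail pattern is what a swatch `watchfor` rule does; this version just keeps the pieces visible so the regex and the repeat suppression can be tuned.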