Cisco Support Community

cisco info center

I need to gather the following information from a PIX log.

•machine scanning—scanning a network to see the machines it contains

•port scanning—scanning the ports on a machine to see the running services

•port overuse—the abuse of a service offered by a particular machine

•too many accepts, rejects or drops— for instance, users receiving persistent denials of service

•oversized data transfers— for instance, excessively large FTP transfers

•too many Cisco PIX Firewall Info Mediator policy changes—could indicate suspicious activ

What do I need to set on the PIX to send this information to a logging server?

I've read that I can do this using Cisco Info Center, but only with SUN?

Can I do this using Linux? Is there a way to implement this on Linux?

Please help.

3 REPLIES

Re: cisco info center

You can send that information to all platforms that are able to run a syslog server.

Windows:

http://www.kiwisyslog.com/

http://support.3com.com/software/utilities_for_windows_32_bit.htm

Linux or Solaris:

Use standard syslog, which runs on all distributions.

Documentation:

Accessing and Monitoring PIX Firewall:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172797.html

sincerely

Patrick

Re: cisco info center

I actually was asking about a log analyzer, not a syslog server.

This CISCO software runs on a SUN machine and gives the reports I would like to receive about port scans and DoS, etc.

Someone please help.

Re: cisco info center

Try this one FWLOGSUM.

http://www.ginini.com/software/fwlogsum/

http://www.ginini.com/software/fwlogsum/converters/

It basically uses Perl scripts and supports a wide range of firewalls. You just need to install Perl in your Windows environment.

Commercial Windows version could be:

http://www.sawmill.net/

sincerely

Patrick
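
As an added example (not part of the thread and not code from FWLOGSUM or Cisco), the sketch below shows how the first two report types in the question, plus a per-source reject count, can be derived on Linux from PIX syslog output. It assumes the log contains ACL deny messages in the `%PIX-4-106023` format; the sample lines are constructed, and the thresholds and the `analyze` function name are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IP ranges), not taken from a real device.
SAMPLE_LOG = """\
Mar 10 12:00:01 pix %PIX-4-106023: Deny tcp src outside:192.0.2.10/40001 dst inside:198.51.100.5/21 by access-group "acl_out"
Mar 10 12:00:01 pix %PIX-4-106023: Deny tcp src outside:192.0.2.10/40002 dst inside:198.51.100.5/22 by access-group "acl_out"
Mar 10 12:00:02 pix %PIX-4-106023: Deny tcp src outside:192.0.2.10/40003 dst inside:198.51.100.5/23 by access-group "acl_out"
Mar 10 12:00:02 pix %PIX-4-106023: Deny tcp src outside:192.0.2.10/40004 dst inside:198.51.100.5/80 by access-group "acl_out"
Mar 10 12:01:10 pix %PIX-4-106023: Deny tcp src outside:192.0.2.20/51000 dst inside:198.51.100.1/445 by access-group "acl_out"
Mar 10 12:01:10 pix %PIX-4-106023: Deny tcp src outside:192.0.2.20/51001 dst inside:198.51.100.2/445 by access-group "acl_out"
Mar 10 12:01:11 pix %PIX-4-106023: Deny tcp src outside:192.0.2.20/51002 dst inside:198.51.100.3/445 by access-group "acl_out"
Mar 10 12:02:00 pix %PIX-4-106023: Deny tcp src outside:192.0.2.30/60000 dst inside:198.51.100.9/80 by access-group "acl_out"
Mar 10 12:02:05 pix %PIX-4-106023: Deny icmp src outside:192.0.2.30 dst inside:198.51.100.9 (type 8, code 0) by access-group "acl_out"
Mar 10 12:03:00 pix %PIX-6-302013: Built inbound TCP connection 1001 for outside:192.0.2.40/5000 (192.0.2.40/5000) to inside:198.51.100.5/80 (198.51.100.5/80)
"""

# Matches the source and destination of an ACL deny; ports are absent for ICMP.
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny \S+ "
    r"src [^:\s]+:(?P<src>[\d.]+)(?:/\d+)? "
    r"dst [^:\s]+:(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?"
)

def analyze(lines, port_threshold=3, host_threshold=3):
    """Summarize ACL denies; thresholds are illustrative assumptions."""
    ports = defaultdict(set)    # (src, dst) -> distinct destination ports
    hosts = defaultdict(set)    # src -> distinct destination hosts
    denies = defaultdict(int)   # src -> total denied packets
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # not an ACL deny (e.g. connection-built messages)
        src, dst = m["src"], m["dst"]
        denies[src] += 1
        hosts[src].add(dst)
        if m["dport"]:  # ICMP denies carry no port
            ports[(src, dst)].add(int(m["dport"]))
    return {
        "port_scans": {k: sorted(v) for k, v in ports.items() if len(v) >= port_threshold},
        "machine_scans": {k: sorted(v) for k, v in hosts.items() if len(v) >= host_threshold},
        "deny_counts": dict(denies),
    }

if __name__ == "__main__":
    for name, value in analyze(SAMPLE_LOG.splitlines()).items():
        print(name, value)
```

In practice the lines would come from the file the syslog daemon writes for the PIX, and the counts would be bucketed by time window so that slow background noise does not accumulate into a false scan report.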
