Cisco Support Community

New Member

Firewall IOS monitoring

I have a client that has a 2621 running the IOS firewall. We have configured the access-list to log violations to a syslog server when they occur. Does Cisco make, or is there 3rd-party software that will monitor the syslog entries for a repeated violation from the same source IP (or any protocol violations)? They want to set up 24/7 in-house firewall monitoring that will page a tech if such a violation should occur.

Or is there a better way to accomplish this?

Thanks

10 REPLIES
New Member

Re: Firewall IOS monitoring

I’d suggest using Cisco snmp mibs and Intrusion detection devices (http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/ios_ids.htm#xtocid205650) for added security to your network. Open Systems makes a software product named Private I that should work for you too. Check out their evaluation version at www.opensystems.com

New Member

Re: Firewall IOS monitoring

Take a look at NetForensics.

Cisco Employee

Re: Firewall IOS monitoring

CS Intrusion Detection has a feature that may help. The sensor can be the recipient of router ACL violation syslog messages. When it receives one, it then processes the message and builds an IDS alarm from the information contained and sends that on to the management station.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids1/csidsug/configur.htm#xtocid1463814

Charlie Stokes

New Member

Re: Firewall IOS monitoring

Update: looks like PrivateI by Open Systems will work (opensystems.com). It has the reporting and notification features I am looking for. However, in order for the paging feature to work you must have email paging; in other words, it just sends an email to you (or your pager).

New Member

Re: Firewall IOS monitoring

You can manage, monitor, maintain and perform event correlation of all IDS, PIX, IOS firewall, VPN Concentrator, NT, UNIX and Checkpoint alerts through the use of Netforensics. Netforensics will solve the cumbersome task of managing security data. If you want further clarification and product capabilities contact me directly at jharris@netcom-sys.com.

New Member

Re: Firewall IOS monitoring

Hi,

Can you tell me where I can Find Netforensics?

Thanks.

New Member

Re: Firewall IOS monitoring

New Member

Re: Firewall IOS monitoring

Thanks,

but I mean a site to download it.

New Member

Re: Firewall IOS monitoring

I've been using NetForensics V2.2 for a couple of months and it's a great product. It will monitor the PIX, IDS and the IOS FW.

New Member

Re: Firewall IOS monitoring

I use CiscoWorks to grep my syslog and Telalert to page on configured events (things like inbound PIX denies, interface up/downs, stuff I want to know about). I also have the NetRanger Director paging me (also using Telalert) on IDS hits (I have both IOS IDS in my edge routers and NR sensors behind same). If there is a problem with this, it's that I don't have any smart filtering to, for example, only page me after N violations from the same IP (but anybody sophisticated enough to throw a DoS attack my way is going to spoof addresses, so maybe I want to see 'em all anyway). Suffice to say I get paged a lot :) .... but it's all good.
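The "page me only after N violations from the same IP" filter asked for in the original question and in the reply above can be done on the syslog host itself. This is an added example, not code from the thread or from any of the products mentioned: it parses IOS `%SEC-6-IPACCESSLOG*` ACL-deny messages, keeps a sliding per-source window, and raises an alert once a source's denied packet count reaches a threshold. The sample log lines, hostnames and addresses are constructed; the timestamp is assumed to be the standard 15-character syslog prefix and lines are assumed to arrive in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample syslog lines in the IOS %SEC-6-IPACCESSLOG* format
# (hypothetical router name, addresses and times; not from the thread).
SAMPLE_LOG = """\
Mar  1 10:00:01 router-2621 15: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(41000) -> 192.0.2.10(23), 1 packet
Mar  1 10:00:03 router-2621 16: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(41001) -> 192.0.2.10(22), 1 packet
Mar  1 10:00:05 router-2621 17: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 198.51.100.9 -> 192.0.2.10 (8/0), 1 packet
Mar  1 10:00:07 router-2621 18: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(41002) -> 192.0.2.10(80), 3 packets
Mar  1 10:09:00 router-2621 19: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.9(5000) -> 192.0.2.10(53), 1 packet
"""

# Matches the P (tcp/udp with ports), DP (icmp) and NP (other) variants.
ACL_DENY = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+).*?(?P<count>\d+) packets?"
)


def detect_repeat_offenders(log_text, threshold=3, window_seconds=300):
    """Return one alert dict per time a source IP accumulates `threshold`
    denied packets within `window_seconds`; the window re-arms after each alert."""
    recent = defaultdict(deque)  # src ip -> deque of (timestamp, packet count)
    alerts = []
    for line in log_text.splitlines():
        m = ACL_DENY.search(line)
        if not m:
            continue  # not an ACL deny; other syslog traffic is ignored
        ts = datetime.strptime(line[:15], "%b %d %H:%M:%S")  # assumed prefix
        src = m.group("src")
        q = recent[src]
        q.append((ts, int(m.group("count"))))
        # Drop hits that have aged out of the sliding window.
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        hits = sum(n for _, n in q)
        if hits >= threshold:
            alerts.append({"src": src, "acl": m.group("acl"), "hits": hits,
                           "first": q[0][0], "last": ts})
            q.clear()  # re-arm so the next page needs another `threshold` hits
    return alerts


if __name__ == "__main__":
    for a in detect_repeat_offenders(SAMPLE_LOG):
        print(f"PAGE: {a['src']} denied {a['hits']} packets by ACL {a['acl']} "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

Hand the returned alerts to whatever paging path is already in place (the email-to-pager route mentioned in this thread works fine); the re-arm after each alert is what keeps a persistent source from paging on every single packet.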
