Can someone provide me a breakdown of what files/logs are involved with Security Monitor? I have installed VMS 2.1 and want to use the Security Monitor to monitor 2 PIX'es. In one day, I filled up a 25 Gig harddrive. I have the 2 PIX'es configured with 'logging trap informational'. I need to understand the files so that I can maintain a working Security Monitor as well as be able to archive to CD old logs, etc.
Security Monitor does not maintain a log file per say, rather the messages are parsed into database files. But I have not been able to locate more information on this. Your reseller or the Sales person should be able to provide information on this.
As far as configuring logging on the PIX goes, I would suggest you use a level 4 (warning) instead. The volume of messages received would be lesser. Check:
Thanks for the reply. So far no one seems to know anything about the actual workings of the product (from my Cisco sales side). I would be happy to only use warning, but company policies are dictating that we keep informational. Definitely not my suggestion.
Have you used the default pruning database rules? Just wondering if I can rely on them to prune and archive the old messages. This would provide, I think, a way to pull the archives to keep old information.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...