My best recommendation, however, is to use CSPM's Event Viewer. When the Event Viewer is opened you have the option of either pulling the events from the CSPM database or looking at the events from a log file. What you can do is set up the CSPM box as an FTP Server then use the sensor's ability to FTP the log files to the CSPM box. Then you can open these log files using the Event Viewer.
My apologies for asking my question in such a general fashion.
My question is what tool should I use to view the captured packets that are generated under the LOG action? I'd like access to the data in the TCP headers, plus be able to more accurately determine the responses of our servers.
My first attempts with UNIX file tools led me to believe the packets are in either a raw format or in the format of some packet analysis software.
The captured packet Log files are generally referred to as IPLOG files to help differentiate between the 2 log file types.
Version 2.5(1)S3 and earlier versions of the sensors produce IPLOG files in a proprietary format. The transcript tool on the Unix Director can read this format and display the data of the packets in an ASCII format. This tool is automatically run when Security->Show->IP Logs is selected in the openview window.
However, the proprietary format can also be read by ethereal. The tool allows you to read the header portion of the packets as well as the data. Later versions of ethereal have been modified to read our proprietary format. NOTE: In our format certain fields such as mac addresses have been removed.
Beginning in 3.0 we will no longer be using our proprietary format, instead we will be going to the standard tcpdump format and almost any tool able to read the tcpdump format will be able to read the IPLOG files in 3.0.
NOTE: ethereal will have to be loaded on your CSPM or Unix Director boxes, or your personal desktop. Do not load ethereal on the sensor itself. You will need to ftp the IPLOGs off of the sensor to your other box for viewing.
The Unix Director is being upgraded and in its next release will be able to pull these IPLOGs for you to the Unix Director box.
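The reply above says that from 3.0 the IPLOG files are plain tcpdump (libpcap) captures, so a few lines of Python are enough to get at the TCP header fields the original question asked about without loading ethereal anywhere. The following is an added example, not code from the thread or from Cisco; it assumes the IPLOG was copied off the sensor as described and that the capture's link type is Ethernet or raw IPv4. The sample capture it builds in `build_sample_pcap()` is constructed here for the demonstration (a three-way handshake plus an HTTP request, and one ARP frame that is skipped because it is not TCP); checksums in the constructed packets are left at zero and the parser does not verify them.

```python
import struct
import sys
from dataclasses import dataclass
from typing import List, Optional

# libpcap/tcpdump global header fields: magic, version, tz offset, sigfigs, snaplen, linktype.
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
LINKTYPE_RAW_IP = (12, 101)  # DLT_RAW in older libpcap files, LINKTYPE_RAW in newer ones
TCP_FLAG_NAMES = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


@dataclass
class TcpRecord:
    ts: float
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    ack: int
    flags: str
    payload: bytes


def _decode_tcp(ts: float, frame: bytes, linktype: int) -> Optional[TcpRecord]:
    """Strip the link layer, then the IPv4 header, and return the TCP fields (None if not TCP)."""
    if linktype == LINKTYPE_ETHERNET:
        if len(frame) < 14 or frame[12:14] != b"\x08\x00":   # EtherType must be IPv4
            return None
        ip = frame[14:]
    elif linktype in LINKTYPE_RAW_IP:
        ip = frame
    else:
        return None
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                                   # IPv4 header length incl. options
    total_len = struct.unpack(">H", ip[2:4])[0]
    if ip[9] != 6:                                             # protocol 6 = TCP
        return None
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport, seq, ack, off_flags = struct.unpack(">HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4                           # TCP header length incl. options
    flags = ",".join(name for bit, name in TCP_FLAG_NAMES if off_flags & bit)
    return TcpRecord(ts, ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])),
                     sport, dport, seq, ack, flags, tcp[data_off:])


def parse_pcap(data: bytes) -> List[TcpRecord]:
    """Walk a tcpdump-format capture and return one record per TCP segment."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"                       # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"                       # written on a big-endian host
    else:
        raise ValueError("not a tcpdump/libpcap capture (bad magic)")
    _, _, _, _, _snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    records, off = [], 24
    while off + 16 <= len(data):           # per-packet header: ts_sec, ts_usec, incl_len, orig_len
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        rec = _decode_tcp(ts_sec + ts_usec / 1e6, frame, linktype)
        if rec is not None:
            records.append(rec)
    return records


def summarize(records: List[TcpRecord]) -> List[str]:
    """One human-readable line per segment, in the spirit of tcpdump's default output."""
    return [f"{r.ts:.6f} {r.src}:{r.sport} > {r.dst}:{r.dport} [{r.flags}] "
            f"seq={r.seq} ack={r.ack} len={len(r.payload)}" for r in records]


def _ipv4_tcp(src, dst, sport, dport, seq, ack, flags, payload=b"") -> bytes:
    """Build a minimal IPv4+TCP packet for the constructed sample (checksums left at zero)."""
    tcp = struct.pack(">HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 8192, 0, 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp


def build_sample_pcap() -> bytes:
    """Constructed Ethernet capture: SYN, SYN/ACK, PSH/ACK with an HTTP request, plus one ARP frame."""
    eth_ip, eth_arp = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00", b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x06"
    frames = [
        eth_ip + _ipv4_tcp("10.0.0.5", "10.0.0.10", 40000, 80, 1000, 0, 0x02),
        eth_ip + _ipv4_tcp("10.0.0.10", "10.0.0.5", 80, 40000, 5000, 1001, 0x12),
        eth_arp + b"\x00" * 28,                                       # not IPv4: parser skips it
        eth_ip + _ipv4_tcp("10.0.0.5", "10.0.0.10", 40000, 80, 1001, 5001, 0x18, b"GET / HTTP/1.0\r\n\r\n"),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000_000 + i, i * 1000, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    # Usage: python iplog_tcp.py <iplog.pcap>; with no argument the constructed sample is shown.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    print("\n".join(summarize(parse_pcap(raw))))
```

Run it against an IPLOG that was FTP'd off the sensor to see, for each TCP segment, the endpoints, flags, sequence and acknowledgement numbers and payload length; the SYN/ACK (or RST) lines answer the question of how a server actually responded. A record whose `incl_len` is shorter than the full packet was truncated at the sensor's snaplen, so the payload reported is only what was captured.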