My boss has told me to monitor the PIX firewall for our company and write a monthly report. So Im sitting for hours in front of the PIX staring at the green power light. Our firewall seems to be OK. The green light is constant on. ;-))
Ive read the Cisco Cookbook, a valuable source of how to guides. This explains how to monitor using SNMP and how to collect the syslog. Also the PIX Firewall Handbook tells me to frequently have a look at the syslog for important messages.
So far I have a limited idea what to look for. I intend to have a mrtg (www.mrtg.org) like graph for each interface. Im also considering looking for syslog messages that say user failed to authenticate for VPN connection. But is that really everything?
What do you monitor on your PIX (or Cisco router) and what do you report?
If you know the SNMP ODI or PIX syslog number than plase add this information, it realy helps me.
Some basic commands I would use to monitor a pix are:
show cpu usage
show conn count
You best bet would be to get a SNMP applicion to monitor some of these stats for you andthat can build reports.
I would also have the pix send events to a syslog server and monitor that log for events triggered by any of the pix's 55 attack signatures. I am not sure what the exact syslog message number is for each attack signature but here is a link to all the pix syslog message numbers.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :