Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

What do you monitor on your PIX?

My boss has told me to monitor the PIX firewall for our company and write a monthly report. So I’m sitting for hours in front of the PIX staring at the green power light. Our firewall seems to be OK. The green light is constant on. ;-))

I’ve read the Cisco Cookbook, a valuable source of how to guides. This explains how to monitor using SNMP and how to collect the syslog. Also the PIX Firewall Handbook tells me to frequently have a look at the syslog for important messages.

So far I have a limited idea what to look for. I intend to have a mrtg (www.mrtg.org) like graph for each interface. I’m also considering looking for syslog messages that say user failed to authenticate for VPN connection. But is that really everything?

What do you monitor on your PIX (or Cisco router) and what do you report?

If you know the SNMP ODI or PIX syslog number than plase add this information, it realy helps me.

Thanks in advance,

Volker

2 REPLIES
New Member

Re: What do you monitor on your PIX?

Some basic commands I would use to monitor a pix are:

show cpu usage

show traffic

show perfmon

show memory

show xlate

show conn count

show interface

You best bet would be to get a SNMP applicion to monitor some of these stats for you andthat can build reports.

I would also have the pix send events to a syslog server and monitor that log for events triggered by any of the pix's 55 attack signatures. I am not sure what the exact syslog message number is for each attack signature but here is a link to all the pix syslog message numbers.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/syslog/pixemsgs.htm

Good luck, please rate if this was helpful.

New Member

Re: What do you monitor on your PIX?

This link is a little more current for the messages. What OS version are you running?

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/syslog/logmsgs.htm

Check this link for some monitoring info-

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/sysmgmt.htm

Also ,check out the Cisco Security MARS appliances that analyzes and correlates security events, syslog, etc. and can help determine the actual attack path and provide mitigation options...

If you are interested in the attack signatures and what they are, use the PDM and go to System properties-Intrusion Detection-IDS Signature and you can see the list of signatures there...

regards,

DC

108
Views
0
Helpful
2
Replies
CreatePlease login to create content