obsidian440
Apr 15, 2004

Don't question god's choices.
I have very, very little Cisco knowledge and find myself more and more working with the company firewall/router. The info I get in the PIX manager about is:
Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(2)

I would like to set up logging to a server within our network, which I have done, but now need to clean up the messages I am receiving. Is it possible to log only denied VPN connections and system peaks, CPU utilization, memory, bandwidth, etc.? I tried looking around for info on the different facility levels but didn't find much help; admittedly I didn't look very hard. Is this type of setup possible? If not, what would be a good setup that would get info on possible attacks or unauthorized connections? Thanks guys!

obsidian440
Apr 15, 2004

Don't question god's choices.

Girdle Wax posted:

If you're stuck on 6.x, you'll need to look into setting the levels of the messages you're trying to pick out, then setting the PIX to only send messages of that severity or higher, which might help your signal-to-noise.

If that doesn't help you could look at moving to another syslog server like syslog-ng, which has built-in filtering capabilities, so you could direct your 'interesting' logs to a special log file. If you feel like really going over the top you could then set up SEC (Simple Event Correlator) to watch that log file and take actions on the messages, like warning you if someone fails to log in too many times.

Another alternative, if you have the hardware and can get the software to do it, would be to upgrade to 7.x and use the built-in message list filter feature.

As far as logging CPU/Memory, I'd have to recommend setting up cacti on a Linux host somewhere on your network and using that to graph the CPU/Mem/Interface Traffic OIDs.

I hate to come off as lazy, but can I get some links to help me with doing this? I didn't see anything that jumped out at me while messing with the logging options in PIX.
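The filtering idea from the quoted post, as an added example that is not part of the original thread: a Python stand-in for what a syslog-ng filter plus an SEC threshold rule would do, keeping PIX messages by severity or message ID and flagging a source that is denied a login too many times. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# PIX syslog tag: %PIX-<severity>-<message id>: <text>. Severity 0 is the most
# severe and 7 the least, so "that severity or higher" means a lower-or-equal number.
PIX_RE = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample lines (documentation addresses), not captured from a real device.
SAMPLE = [
    'Apr 15 10:00:01 fw %PIX-6-302013: Built inbound TCP connection 101 for '
    'outside:198.51.100.7/4431 to inside:10.0.0.5/80',
    'Apr 15 10:00:02 fw %PIX-4-106023: Deny tcp src outside:203.0.113.9/2201 '
    'dst inside:10.0.0.5/23 by access-group "outside_in"',
    'Apr 15 10:00:03 fw %PIX-6-605004: Login denied from 203.0.113.9/2202 '
    'to outside:192.0.2.1/ssh for user "admin"',
    'Apr 15 10:00:04 fw %PIX-6-605004: Login denied from 203.0.113.9/2203 '
    'to outside:192.0.2.1/ssh for user "root"',
    'Apr 15 10:00:05 fw %PIX-6-605004: Login denied from 203.0.113.9/2204 '
    'to outside:192.0.2.1/ssh for user "cisco"',
    'Apr 15 10:00:06 fw sshd[411]: unrelated line without a PIX tag',
]

def parse(line):
    """Return (severity, message_id, text), or None for a non-PIX line."""
    m = PIX_RE.search(line)
    return (int(m["sev"]), m["msgid"], m["text"]) if m else None

def interesting(lines, max_severity=4, always_keep=frozenset()):
    """Keep events at max_severity or more severe, plus any listed message IDs."""
    events = []
    for line in lines:
        event = parse(line)
        if event and (event[0] <= max_severity or event[1] in always_keep):
            events.append(event)
    return events

def repeat_offenders(events, msgid, threshold):
    """Map source IP -> count for one message ID once the count reaches threshold."""
    counts = Counter()
    for _sev, mid, text in events:
        src = IP_RE.search(text)
        if mid == msgid and src:
            counts[src.group()] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    kept = interesting(SAMPLE, max_severity=4, always_keep={"605004"})
    print(len(kept), repeat_offenders(kept, "605004", threshold=3))
```

In this sample the login-denied lines sit at severity 6, so a severity cut-off of 4 alone drops them; listing their message ID in `always_keep` is what lets the threshold check see them.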
