Firewall Wizards: RE: Router Internet Monitoring

RE: Router Internet Monitoring

From: Dave <update_at_dsrtech.com>
Date: Thu, 04 Sep 2003 18:57:30 -0400

George,

You can enable debugging logging to syslog and then exclude which
messages you will not want to see with the command
"no logging message <msg number>"
example "no logging message 305012"

Then you can filter your syslog with grep by interface.

Note this will show all url traffic to all interfaces/dmz(s) and yes
this will load up your syslog file.

I would recommend a tool called "IPAudit-Web". This makes an excellent
tracking tool. http://ipaudit.sourceforge.net/ipaudit-web/

I understand you don't want to capture all traffic but this tool is an
excellent resource at my shop and you could span a switch port off the
dmz you wished to monitor.

Good luck to you.

Dave

On Thu, 2003-09-04 at 15:21, George Peek wrote:
> Problem with Pix is it is logging literally everything, hence we have
> multiple DMZs.. for frame, dial-up, internet, internal, etc. I have not
> fully explored filtering, we use Kiwi Syslog Daemon for logging but the file
> grows extremely huge. In the future, SQL solution (which it supports) will
> be implemented but for now I need something live to monitor.
>
> Can you use the Cisco Pix Device Manager to filter the log?
>
> -----Original Message-----
> From: rogue [mailto:rogue_at_nocdemon.net]
> Sent: Thursday, September 04, 2003 9:29 AM
> To: George Peek
> Cc: 'security-basics_at_securityfocus.com'; 'owen_at_delong.com';
> 'firewall-wizards_at_honor.icsalabs.com'
> Subject: Re: Router Internet Monitoring
>
>
>
> if you tell your PIX to log to a syslog server and ramp up the PIX logging
> to informational you'll see every URL connection made from within your
> network.
>
> -rogue
>
> On Wed, 3 Sep 2003, George Peek wrote:
>
> > This may be a bit offtopic, if so please excuse me. I am looking for a
> > solution to monitor the live traffic (i.e. incoming/outgoing traffic, incl.
> > able to determine what url the user is going to) on our Cisco 2620. Freeware
> > would be great, linux solution is ok. I don't want to use a network capture
> > utility such as sniffer, fluke or iris. Pix has the device manager which
> > comes in handy. I can enable logging via SNMP, but it is text based, a GUI
> > utility that will sort that information would be very cool.
> >
> > Thank You,
> > George Peek

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Sep 05 2003
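
The two steps suggested in the reply above (suppress unwanted message IDs, then grep the syslog by interface) can also be applied as a single post-filter over an existing syslog file. This is an added example, not part of the original thread; the function names and the log lines are constructed for illustration and assume the usual %PIX-<severity>-<id> tag in each line.

```shell
#!/bin/sh
# pix_filter IFACE [MSGID...]
# Reads syslog lines on stdin and prints those that mention interface IFACE
# (as "IFACE:" in front of an address) and whose PIX message ID is not in
# the exclusion list. Lines without a %PIX-<severity>-<id> tag are dropped.
pix_filter() {
    iface=$1; shift
    awk -v iface="$iface" -v drop="$*" '
        BEGIN { n = split(drop, ids, " "); for (i = 1; i <= n; i++) skip[ids[i]] = 1 }
        {
            # Locate the message tag and extract the numeric ID from it.
            if (!match($0, /%PIX-[0-7]-[0-9]+:/)) next
            id = substr($0, RSTART, RLENGTH)
            sub(/^%PIX-[0-7]-/, "", id); sub(/:$/, "", id)
            if (id in skip) next
            # Literal match on " IFACE:" so that dmz1 does not match dmz10.
            if (index($0, " " iface ":") == 0) next
            print
        }'
}

# Constructed sample lines (not captured traffic). In these samples the
# 304001 URL record carries no interface name, so an interface filter drops
# it; such records would have to be selected by source address instead.
sample_log() {
cat <<'EOF'
Sep  4 18:01:02 pix1 %PIX-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.5/80 (203.0.113.5/80) to dmz1:10.1.1.20/1044 (198.51.100.2/1044)
Sep  4 18:01:02 pix1 %PIX-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:10.0.0.5/1025 (198.51.100.2/1025)
Sep  4 18:01:03 pix1 %PIX-5-304001: 10.0.0.5 Accessed URL 203.0.113.9:/index.html
Sep  4 18:01:30 pix1 %PIX-6-305012: Teardown dynamic TCP translation from dmz1:10.1.1.20/1044 to outside:198.51.100.2/1044 duration 0:00:30
Sep  4 18:01:31 pix1 %PIX-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.5/80 (203.0.113.5/80) to dmz10:10.10.1.7/1050 (198.51.100.2/1050)
EOF
}

# Show dmz1 traffic only, with translation teardowns (305012) excluded.
sample_log | pix_filter dmz1 305012
```

Unlike "no logging message", which stops the PIX from sending the message at all, this filter leaves the syslog file complete and only narrows what is displayed.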
