https://community.cisco.com/t5/network-security/what-do-you-monitor-on-your-pix/m-p/552201#M525604 <HTML><HEAD></HEAD><BODY><P>This link is a little more current for the messages. What OS version are you running?</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/syslog/logmsgs.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/syslog/logmsgs.htm</A></P><P></P><P>Check this link for some monitoring info-</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/sysmgmt.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/sysmgmt.htm</A></P><P></P><P>Also ,check out the Cisco Security MARS appliances that analyzes and correlates security events, syslog, etc. and can help determine the actual attack path and provide mitigation options...</P><P></P><P>If you are interested in the attack signatures and what they are, use the PDM and go to System properties-Intrusion Detection-IDS Signature and you can see the list of signatures there...</P><P></P><P>regards,</P><P></P><P>DC</P></BODY></HTML> Thu, 13 Apr 2006 17:50:06 GMT davidecooper1967 2006-04-13T17:50:06Z https://community.cisco.com/t5/network-security/what-do-you-monitor-on-your-pix/m-p/552199#M525594 <P>My boss has told me to monitor the PIX firewall for our company and write a monthly report. So I&#146;m sitting for hours in front of the PIX staring at the green power light. Our firewall seems to be OK. The green light is constant on. ;-))</P><P></P><P>I&#146;ve read the Cisco Cookbook, a valuable source of how to guides. This explains how to monitor using SNMP and how to collect the syslog. Also the PIX Firewall Handbook tells me to frequently have a look at the syslog for important messages. </P><P></P><P>So far I have a limited idea what to look for. I intend to have a mrtg (<A href="http://www.mrtg.org" target="_blank">www.mrtg.org</A>) like graph for each interface. I&#146;m also considering looking for syslog messages that say user failed to authenticate for VPN connection. But is that really everything?</P><P></P><P>What do you monitor on your PIX (or Cisco router) and what do you report?</P><P>If you know the SNMP ODI or PIX syslog number than plase add this information, it realy helps me.</P><P></P><P>Thanks in advance, </P><P>Volker</P> Fri, 21 Feb 2020 08:50:14 GMT https://community.cisco.com/t5/network-security/what-do-you-monitor-on-your-pix/m-p/552199#M525594 vschmidt_2 2020-02-21T08:50:14Z https://community.cisco.com/t5/network-security/what-do-you-monitor-on-your-pix/m-p/552200#M525597 <HTML><HEAD></HEAD><BODY><P>Some basic commands I would use to monitor a pix are:</P><P></P><P>show cpu usage</P><P>show traffic</P><P>show perfmon</P><P>show memory</P><P>show xlate</P><P>show conn count</P><P>show interface</P><P></P><P>You best bet would be to get a SNMP applicion to monitor some of these stats for you andthat can build reports.</P><P></P><P>I would also have the pix send events to a syslog server and monitor that log for events triggered by any of the pix's 55 attack signatures. I am not sure what the exact syslog message number is for each attack signature but here is a link to all the pix syslog message numbers.</P><P></P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/syslog/pixemsgs.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/syslog/pixemsgs.htm</A></P><P></P><P>Good luck, please rate if this was helpful.</P><P></P></BODY></HTML> Wed, 12 Apr 2006 19:27:38 GMT https://community.cisco.com/t5/network-security/what-do-you-monitor-on-your-pix/m-p/552200#M525597 Nicholas Vigil 2006-04-12T19:27:38Z https://community.cisco.com/t5/network-security/what-do-you-monitor-on-your-pix/m-p/552201#M525604 <HTML><HEAD></HEAD><BODY><P>This link is a little more current for the messages. What OS version are you running?</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/syslog/logmsgs.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/syslog/logmsgs.htm</A></P><P></P><P>Check this link for some monitoring info-</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/sysmgmt.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/sysmgmt.htm</A></P><P></P><P>Also ,check out the Cisco Security MARS appliances that analyzes and correlates security events, syslog, etc. and can help determine the actual attack path and provide mitigation options...</P><P></P><P>If you are interested in the attack signatures and what they are, use the PDM and go to System properties-Intrusion Detection-IDS Signature and you can see the list of signatures there...</P><P></P><P>regards,</P><P></P><P>DC</P></BODY></HTML> Thu, 13 Apr 2006 17:50:06 GMT https://community.cisco.com/t5/network-security/what-do-you-monitor-on-your-pix/m-p/552201#M525604 davidecooper1967 2006-04-13T17:50:06Z