https://community.cisco.com/t5/network-security/network-scans/m-p/1794924#M55990 <HTML><HEAD></HEAD><BODY><P>We actually do not own the AIP-SSM sensor module i was trying to accomplish basic ids with the ASA 5520 only...</P><P>to log scans to syslog etc.</P></BODY></HTML> Mon, 24 Oct 2011 20:44:22 GMT laphil 2011-10-24T20:44:22Z https://community.cisco.com/t5/network-security/network-scans/m-p/1794922#M55988 <P>Hi all</P><P></P><P>Im trying to figure out how to get network scans and dos attacks to show up in my syslog server for my CIsco ASA 5520. </P><P>Just with the basic IPS support on the device i cannot seem to get anything to show up on my syslog server?</P><P></P><P>Network scans dont appear to be part of the standard IDS signatures since its just a network port scan?</P><P></P><P></P><P>Any direction on this would be appreciated.</P><P></P><P>Regards</P> Sun, 10 Mar 2019 12:31:34 GMT https://community.cisco.com/t5/network-security/network-scans/m-p/1794922#M55988 laphil 2019-03-10T12:31:34Z https://community.cisco.com/t5/network-security/network-scans/m-p/1794923#M55989 <HTML><HEAD></HEAD><BODY><P>Do you have an AIP-SSM sensor module for your 5520?</P><P>If you do, then you should be able to detect network and host scanning on you network.</P><P>The Sensor module will not output to a syslog server, you can use the free Cisco IPS Manager Express</P><P><A class="active_link" href="http://www.cisco.com/en/US/products/ps9610/index.html">http://www.cisco.com/en/US/products/ps9610/index.html</A></P><P>You can also set the signatures for scans to send an SNMP trap when they fire to your SNMP server.</P><P></P><P></P><P>- Bob</P></BODY></HTML> Mon, 24 Oct 2011 20:23:53 GMT https://community.cisco.com/t5/network-security/network-scans/m-p/1794923#M55989 rhermes 2011-10-24T20:23:53Z https://community.cisco.com/t5/network-security/network-scans/m-p/1794924#M55990 <HTML><HEAD></HEAD><BODY><P>We actually do not own the AIP-SSM sensor module i was trying to accomplish basic ids with the ASA 5520 only...</P><P>to log scans to syslog etc.</P></BODY></HTML> Mon, 24 Oct 2011 20:44:22 GMT https://community.cisco.com/t5/network-security/network-scans/m-p/1794924#M55990 laphil 2011-10-24T20:44:22Z https://community.cisco.com/t5/network-security/network-scans/m-p/1794925#M55991 <HTML><HEAD></HEAD><BODY><P>I don't know of a way to directly detect scans from an ASA. I have seen some indirect scan detection performed on firewall logs in a customized SIM (Intelitactics) via correlation. </P><P>You may be better served asking this question in the firewall forum.</P><P></P><P>- Bob</P></BODY></HTML> Mon, 24 Oct 2011 21:24:17 GMT https://community.cisco.com/t5/network-security/network-scans/m-p/1794925#M55991 rhermes 2011-10-24T21:24:17Z