topic Re: PIX syslog to sensor in Network Security

PIX syslog to sensor

tednie — Fri, 21 Feb 2020 05:53:50 GMT

Does anyone know if a sensor can be configured to interpret PIX syslog/IDS messages and notify the director? Thanks in advance.

Re: PIX syslog to sensor

jawelsh — Tue, 06 Nov 2001 13:53:00 GMT

the sensor cannot do this. The sensor will only accept syslog messages from routers that it is using for shunning. Why dont you configure the pix to notify the director? you must be using pix 6.0 or higher.

Re: PIX syslog to sensor

tednie — Tue, 06 Nov 2001 14:57:59 GMT

I can't find any commands similiar to the router IOS IDS commands on the PIX, enabling the po protocol for communication to the director. Unless you mean just log out to the syslog service.

Re: PIX syslog to sensor

marcabal — Tue, 06 Nov 2001 17:34:08 GMT

You are correct that the Pix did not port the Postoffice protocol when they implemented IDS on the Pix.

So you would have to rely on the syslog messages generated by the Pix.

CSPM is able to receive both the alarms generated by the IDS sensors and the syslog messages from the Pix.

They are not viewed in the same windows nor appear in the same reports, so you will have to look at both the syslog reports from the Pix and the IDS alarms. I believe that there might already be initiaives to correlate the data from the two message types in a future product, but I don't know any details

If using the Unix Director then you will have to rely on a third package for viewing the syslog data for the Pix.

You could look for syslog analyzers that are not security specific or you can purchase NetForensics which is able to receive alarms from the IDS sensors as well as the syslog messages from the Pix. I believe that it supposed to be able to coordinate data from the IDS sensor alarms in the syslog messages wiht some type of links, but I have not tried it myself. I would reccomend contacting NetForensics directly if that interests you: www.netforensics.com