08-15-2012 07:02 AM - edited 03-11-2019 04:42 PM
Hey All,
I need to check the connections through our ASA5510, look for anything 'abnormal', and check things like FTP and Telnet sessions going on over our firewall.
Currently I've been using 'show local-host brief' to see high numbers of connections, then I go back through and do 'show local-host x.x.x.x' to see what they're actually connected to.
I'm seeing some desktops with 120+ TCP connections, but when I do a 'show local-host x.x.x.x' on those IP's I get a long list, but it's all to normal sites like google, facebook etc.
I'm also currently doing things all by hand, visually looking at the IP's, doing whois on them etc..
Here are my questions:
Any answers on any of these would be a huge help for my daily reports !!
Solved! Go to Solution.
08-15-2012 08:24 AM
for statistical analysis I would recommend setting up cacti graphing to monitor your ASA and for more indepth tracking of what user has done what then I would have thought netflow would be the ideal candidate.
netflow setup for asa:
http://www.cisco.com/en/US/docs/security/asa/asa83/netflow/netflow.html
hth
Scott
08-15-2012 08:24 AM
for statistical analysis I would recommend setting up cacti graphing to monitor your ASA and for more indepth tracking of what user has done what then I would have thought netflow would be the ideal candidate.
netflow setup for asa:
http://www.cisco.com/en/US/docs/security/asa/asa83/netflow/netflow.html
hth
Scott
03-07-2013 09:22 AM
Hey LBS,
Cleaning up some of my old/un-resolved discussions. Your recommendation was a good one, thanks for your help!
Kindest Regards,
ALAN
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide