cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
433
Views
0
Helpful
4
Replies

How can I monitor shunning activity?

loobitize
Level 1
Level 1

I need to find a way to monitor shunning activity on a 4210 running 4.1 without purchasing an expensive piece of software.

It does not matter to me if I monitor from the router or the IDS so long as I can verify through email alerts, by logging to a database or syslog that the IDS is shunning on a regular basis. Is there a way to poll the IDS using scripts for the information?

I tried setting up syslog on the router to monitor configuartion changes, but the syslog does not send enough information to be helpful.

I have CiscoWorks security/vpn solution, but I haven't found the functionality I need in that either.

Any help is much appreciated.

Thanks

4 Replies 4

b.speltz
Level 4
Level 4

I believe you need the monitoring software for this.

gert.schaarup
Level 1
Level 1

Still need help on this ?

I am also interested in shun monitoring. Currently I receive a report from some software we use that reads the Syslogs from the pix, but it only gives me a summary of how many shun commands were sent to the pix. Is there any software or perhaps commands we can use to monitor the activity?

Thanks,

John

rhermes
Level 7
Level 7

You can use the reports function in VMS SecMon to do this. Cook up a report that looks for the OUT source direction (source packets with IP's NOT internal to your network - You DID set the IN variable, right?) then add in the sigs you have shunning enabled (do this by sig number, it's a LOT easier), select the sensor you want to report on, and you're done. If you want you can have SecMon Email the reports to you.

Review Cisco Networking for a $25 gift card