Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
363
Views
0
Helpful
2
Replies

What do you monitor on your PIX?

vschmidt_2
Level 1
Level 1

‎04-12-2006 08:46 AM - edited ‎02-21-2020 12:50 AM

My boss has told me to monitor the PIX firewall for our company and write a monthly report. So I’m sitting for hours in front of the PIX staring at the green power light. Our firewall seems to be OK. The green light is constant on. ;-))

I’ve read the Cisco Cookbook, a valuable source of how to guides. This explains how to monitor using SNMP and how to collect the syslog. Also the PIX Firewall Handbook tells me to frequently have a look at the syslog for important messages.

So far I have a limited idea what to look for. I intend to have a mrtg (www.mrtg.org) like graph for each interface. I’m also considering looking for syslog messages that say user failed to authenticate for VPN connection. But is that really everything?

What do you monitor on your PIX (or Cisco router) and what do you report?

If you know the SNMP ODI or PIX syslog number than plase add this information, it realy helps me.

Thanks in advance,

Volker

0 Helpful
2 Replies 2

Nicholas Vigil
Level 1
Level 1

‎04-12-2006 12:27 PM

Some basic commands I would use to monitor a pix are:

show cpu usage

show traffic

show perfmon

show memory

show xlate

show conn count

show interface

You best bet would be to get a SNMP applicion to monitor some of these stats for you andthat can build reports.

I would also have the pix send events to a syslog server and monitor that log for events triggered by any of the pix's 55 attack signatures. I am not sure what the exact syslog message number is for each attack signature but here is a link to all the pix syslog message numbers.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/syslog/pixemsgs.htm

Good luck, please rate if this was helpful.

0 Helpful

davidecooper1967
Level 1
Level 1

‎04-13-2006 10:50 AM

This link is a little more current for the messages. What OS version are you running?

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/syslog/logmsgs.htm

Check this link for some monitoring info-

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/sysmgmt.htm

Also ,check out the Cisco Security MARS appliances that analyzes and correlates security events, syslog, etc. and can help determine the actual attack path and provide mitigation options...

If you are interested in the attack signatures and what they are, use the PDM and go to System properties-Intrusion Detection-IDS Signature and you can see the list of signatures there...

regards,

DC

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card