Firewall Wizards mailing list archives

Re: Syslog monitoring and usage.


From: Josh Welch <jwelch () buffalowildwings com>
Date: Tue, 13 Jul 2004 11:27:43 -0500



Chad Thomsen wrote:

I am trying to learn the ins and outs of using Syslog.  I am at my
second job where I have installed and configured another Pix, but have
never really got into Syslog.  I am currently using KIWI syslog daemon.
I would like to better find out what the messages mean, and how to track
down port scans, and other security related issues that syslog may
reveal. To sum it up I want to be able to have a good understanding of a
log file that comes from a Pix.
Sorry for such a n00b question as I am really starting to dig into
network security.
Thanks,

Chad Thomsen, MCSE, CCNA


Here's a link to the Cisco doc for setting up syslog on a PIX (obtained via Google, *hint*):

http://www.cisco.com/warp/public/110/pixsyslog.html

There is also a link in there pointing to the documentation that describes the syslog messages in painful detail.

You might also want to check out the loganalysis.org website for further information on logging in general, and I believe there is some PIX-specific stuff there as well.

Josh
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

