Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SnortALog w/ PIX syslog events (logging on) IDS

Status
Not open for further replies.
jdeaner

jdeaner

MIS
Jan 7, 2003
61
0
0
US
Anyone able to parse syslog events with snortalog? The software gives the option for 'pix' but all the entries get dropped in the log file. Using PIX Firewall Syslog Server (PFSS) for the capture. The snortalog package is working 100% for all other IDS linux based systems. The PIX OS is a legacy version.
 
Sort by date Sort by votes
Did you enable the ids function of the pix, with the ip audit commands ? if yes, you should see some syslog messages containing "PIX-4-4000nn IDS:" these are the messages from the very simple ids function of the pix, if you want more from the pix, you need to parse the regular logs from the pix, but i do not think snort will be able to do this.

Network Systems Engineer
CCNA/CQS/CCSP/Infosec
Check the danish Cisco CSA Forum here :
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
140
Sameer258
Sameer258
mcisar
  • Locked
  • Question
Disable CHAP on PPPoE WAN connection
Replies
0
Views
51
mcisar
mcisar
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
55
PauS0n
PauS0n
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
35
xwray
xwray
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
116
nnaarrnn
nnaarrnn

Part and Inventory Search

Sponsor

Back
Top