Anyone able to parse syslog events with snortalog? The software gives the option for 'pix' but all the entries get dropped in the log file. Using PIX Firewall Syslog Server (PFSS) for the capture. The snortalog package is working 100% for all other IDS linux based systems. The PIX OS is a legacy version.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
SnortALog w/ PIX syslog events (logging on) IDS
- Thread starter jdeaner
- Start date
dopehead
MIS
- Feb 20, 2003
- 467
Did you enable the ids function of the pix, with the ip audit commands ? if yes, you should see some syslog messages containing "PIX-4-4000nn IDS:" these are the messages from the very simple ids function of the pix, if you want more from the pix, you need to parse the regular logs from the pix, but i do not think snort will be able to do this.
Network Systems Engineer
CCNA/CQS/CCSP/Infosec
Check the danish Cisco CSA Forum here :
Network Systems Engineer
CCNA/CQS/CCSP/Infosec
Check the danish Cisco CSA Forum here :
- Status
Similar threads
- Locked
- Question
- Locked
- Question