jibranilyas
asked on
Cisco Pix Firewall Management
I got access to the PIX firewall last week... I wanted to know what I could really do with it..
One thing I would really like to do is to monitor the VPN usage.... please let me know how I can... any web documentation will be fine... I just want to know where to start.
In the past, our VPN users have complained that they were having difficulties connecting or the VPN was slow. I have never had a problem connecting to VPN from my house... so I am wondering if this problem is on the PIX. I want to check the logs of VPN and analyze them... Please let me know of any software that can give me the Cisco logs in a CSV file or any file that I can open in Windows.
Thanks,
We had some similar issues with our users. We logged all VPN logons and also used MRTG to monitor the firewall and all of our routers. We actually had our logs put into a SQL database with the syslog program that we were using. This made it very easy for us to analyse them. MRTG allowed us to pinpoint our bottlenecks as well as any other problems.
You can use any syslog daemon, I like Kiwi http://www.kiwitools.com
Then, you can add a syslog analyzer like sawmill... http://www.sawmill.net/formats/Syslog.html
And/or, you can use the web gui of the pix itself. Update to the latest 6.3(4) OS and the PDM 3.02 GUI
Lots of monitoring graphs/charts, etc. right on the PIX
ASKER
I downloaded the Syslog Daemon and installed it.
Also requested a 30 day key and now it is operating as a registered version.
If the IP address of the PIX is 10.1.1.1, where do I put that in?
Do I have to do anything in the PIX? I get into the PIX through hypertrm.
Please guide me thru the initial setup.. Thanks
Assuming that the IP address of your kiwi syslog workstation is 10.1.1.x
Enable logging on the PIX to send all syslogs to that workstation:
logging on
logging host 10.1.1.x
logging trap information
logging timestamp
That's all you need to do on the PIX, and it should start sending data to the Kiwi workstation..
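Added example (not part of the original thread, and not code from Kiwi, Sawmill or Cisco): a small Python parser that turns PIX syslog lines, as collected by any syslog daemon, into CSV that opens in Windows, keeping the severity and message ID from the `%PIX-<severity>-<id>` tag. The sample lines, the receiver prefix on the first one and the function names are constructed for illustration.

```python
import csv
import io
import re

# Names for the severity digit in the %PIX-<severity>-<id> tag (standard syslog levels).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Optional device timestamp (present when "logging timestamp" is set), then tag and text.
PIX_RE = re.compile(
    r"(?:(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): )?"
    r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d+): (?P<text>.*)$")

# Constructed sample lines; the receiver prefix on the first one is made up.
SAMPLE = [
    "2005-03-01 10:15:31\tLocal4.Info\t10.1.1.1\tMar 01 2005 10:15:30: %PIX-6-302013: "
    "Built inbound TCP connection 1201 for outside:192.0.2.10/3389 to inside:10.0.1.20/80",
    '%PIX-4-106023: Deny tcp src outside:192.0.2.77/4431 dst inside:10.0.1.20/23 '
    'by access-group "outside_in"',
    "Mar 01 2005 10:16:02: %PIX-6-602301: sa created, (sa) sa_dest= 192.0.2.1, sa_prot= 50",
    "Mar 01 2005 10:16:05: %PIX-7-710005: UDP request discarded from 10.0.1.5/137",
    "syslog daemon started",
]

def parse_line(line):
    """Return a dict for one PIX message, or None if the line has no %PIX tag."""
    m = PIX_RE.search(line.rstrip("\r\n"))
    if m is None:
        return None
    sev = int(m.group("sev"))
    return {"device_time": m.group("ts") or "", "severity": sev,
            "level": LEVELS[sev], "msg_id": m.group("msgid"), "text": m.group("text")}

def to_csv(lines, max_severity=6):
    """CSV text for messages at or below max_severity (6 = 'logging trap information')."""
    out = io.StringIO()
    writer = csv.DictWriter(
        out, fieldnames=["device_time", "severity", "level", "msg_id", "text"],
        lineterminator="\n")
    writer.writeheader()
    for line in lines:
        row = parse_line(line)
        if row is not None and row["severity"] <= max_severity:
            writer.writerow(row)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(SAMPLE), end="")
```

Raising `max_severity` to 7 keeps debugging-level messages as well, which only arrive if the PIX is set to `logging trap debugging`.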
ASKER
User Access Verification
Thanks,
here is my log... I have temporarily disabled the SP2 firewall also...
I hope it works...
Do you know what that "bind to address" is, in setup-->input-->udp?
Any other settings in the syslog daemon that I should do?
Username: XXXXXX
Password: ******
Type help or '?' for a list of available commands.
sagnet> enable
Password: ******
sagnet# logging on
Usage: clear logging
sagnet# logging host 10.0.1.245
Usage: clear logging
sagnet# logging trap information
Usage: clear logging
sagnet# logging timestamp
Usage: clear logging
sagnet#
ASKER
*******************
logging on
logging host 10.1.1.x
logging trap information
logging timestamp
*******************
This didn't work... so I went to the Cisco site and applied instructions for providing facility.
sagnet# logging host 10.0.1.245
Usage: clear logging
sagnet# logging facility 5
Usage: clear logging
sagnet# logging trap debugging
Usage: clear logging
sagnet# logging timestamp
Usage: clear logging
How do you troubleshoot it... how do I know if the settings are wrong in the PIX or the syslog daemon?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Thanks for the help... I get this warning: 8124 blocks for logging
I am seeing the logs on the Syslog Daemon now... if you know anything about the 8124 blocks error... please let me know
sagnet# config t
sagnet(config)# logging on
sagnet(config)# logging host 10.0.1.245
Warning: failed to register 8124 blocks for logging.
sagnet(config)# logging trap information
Warning: failed to register 8124 blocks for logging.
sagnet(config)# logging timestamp
Warning: failed to register 8124 blocks for logging.
sagnet(config)#
ASKER
Irmoore...
That Sawmill service works like a charm...
It's awesome... thanks for your advice. I'm luvin' these tools :)
Any others that you recommend?
Glad it's working for you..
I'll have to research that "failed to register 8124 blocks for logging" error..
I have never seen this one..
- Cheers!
ASKER
It's OK then.... I will do the research as well..
Thanks once again