Cisco Pix Firewall Management

I got access to the PIX firewall last week... I wanted to know what I could really do with it..

One thing I would really like to do is to monitor the VPN usage.... please let me know how I can... any web documentation will be fine... I just want to know where to start.

In the past, our VPN users have complained that they were having difficulties connecting or the VPN was slow. I have never had a problem connecting to VPN from my house... so I am wondering if this problem is on the PIX. I want to check the logs of VPN and analyze them... Please let me know of any software that can give me the Cisco logs in a CSV file or any file that I can open in Windows.

Thanks,
jibranilyas Asked:

rshooper76 Commented:
We had some similar issues with our users.  We logged all VPN logons and also used MRTG to monitor the firewall and all of our routers.  We actually had our logs put into a SQL database with the syslog program that we were using.  This made it very easy for us to analyse them.  MRTG allowed us to pinpoint our bottlenecks as well as any other problems.
0
lrmoore Commented:
You can use any syslog daemon, I like kiwi http://www.kiwitools.com
Then, you can add a syslog analyzer like sawmill... http://www.sawmill.net/formats/Syslog.html
And/or, you can use the web gui of the pix itself. Update to the latest 6.3(4) OS and the PDM 3.02 GUI
Lots of monitoring graphs/charts, etc. right on the PIX
0
jibranilyas (Author) Commented:
I downloaded the Syslog Daemon and installed it.
Also requested a 30 day key and now it is operating as a registered version.

If the IP address of the PIX is 10.1.1.1, where do I put that in?
Do I have to do anything in the PIX? I get into the PIX through hypertrm.

Please guide me through the initial setup.. Thanks

0
lrmoore Commented:
Assuming that the IP address of your kiwi syslog workstation is 10.1.1.x
Enable logging on the PIX to send all syslogs to that workstation:

logging on
logging host 10.1.1.x
logging trap information
logging timestamp

That's all you need to do on the PIX, and it should start sending data to the Kiwi workstation..
0
jibranilyas (Author) Commented:
Thanks,

Here is my log... I have temporarily disabled the SP2 firewall also...
I hope it works...

Do you know what that "bind to address" is.. In setup-->input-->udp.
Any other settings in the syslog daemon that I should do?


User Access Verification
Username: XXXXXX
Password: ******
Type help or '?' for a list of available commands.
sagnet> enable
Password: ******
sagnet# logging on
Usage:  clear logging
sagnet# logging host 10.0.1.245
Usage:  clear logging
sagnet# logging trap information
Usage:  clear logging
sagnet# logging timestamp
Usage:  clear logging
sagnet#
0
jibranilyas (Author) Commented:

*******************
logging on
logging host 10.1.1.x
logging trap information
logging timestamp
*******************

This didn't work... so I went to the Cisco site and applied instructions for providing facility.

sagnet# logging host 10.0.1.245
Usage:  clear logging
sagnet# logging facility 5
Usage:  clear logging
sagnet# logging trap debugging
Usage:  clear logging
sagnet# logging timestamp
Usage:  clear logging

How do you troubleshoot it... how do I know if the settings are wrong in the PIX or the syslog daemon?
0
lrmoore Commented:
>sagnet# logging host 10.0.1.245
>Usage:  clear logging
The output above is clearly because you are not in configuration mode.

sagnet#config t
sagnet(config)#logging on
sagnet(config)#logging host 10.1.1.245
sagnet(config)#logging trap information
sagnet(config)#logging timestamp


You do not need to add the "facility 5" command

Once you set those commands on the PIX, open the Kiwi syslog window and you should start seeing entries almost immediately..

0
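With the PIX now sending syslog, the CSV export asked for in the original question can be produced with a small parser. This is an added example, not code from the thread or from Kiwi/Sawmill; the message layout in the regular expression is an assumption about how the PIX formats messages when `logging timestamp` is set, and the sample lines are constructed.

```python
import csv
import io
import re

# Syslog severity names; "logging trap information" forwards levels 0-6.
SEVERITY = "emergency alert critical error warning notification informational debugging".split()
FIELDS = ["timestamp", "facility", "severity", "message_id", "text"]

# Assumed layout: <PRI>Mon DD YYYY HH:MM:SS: %PIX-sev-msgid: text (PRI, timestamp optional).
LINE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?:(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): )?"
    r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$")

def parse_line(line):
    """Return the fields of one PIX syslog message, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": m["ts"] or "",
        "facility": int(m["pri"]) >> 3 if m["pri"] else "",  # PRI = facility*8 + severity
        "severity": SEVERITY[int(m["sev"])],
        "message_id": m["msgid"],
        "text": m["text"],
    }

def to_csv(lines):
    """Convert raw messages to CSV text; returns (csv_text, skipped_count)."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    skipped = 0
    for row in map(parse_line, lines):
        if row is None:
            skipped += 1  # keep a count so silent parse failures are visible
        else:
            writer.writerow(row)
    return out.getvalue(), skipped

# Constructed sample messages (not taken from the thread).
SAMPLE = [
    "<166>Mar 10 2005 14:22:01: %PIX-6-302013: Built inbound TCP connection 4711 for outside:192.0.2.10/3345 (192.0.2.10/3345) to inside:10.0.1.20/80 (10.0.1.20/80)",
    "<164>Mar 10 2005 14:22:05: %PIX-4-106023: Deny tcp src outside:192.0.2.77/4021 dst inside:10.0.1.20/23 by access-group \"outside_in\"",
    "%PIX-5-111008: User 'enable_15' executed the 'logging on' command.",
    "not a PIX message",
]

if __name__ == "__main__":
    print(to_csv(SAMPLE)[0], end="")
```

A non-zero skipped count means the regular expression needs adjusting to the lines your syslog daemon actually writes, for example if it prepends its own date and host columns.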
jibranilyas (Author) Commented:
Thanks for the help... I get this warning: 8124 blocks for logging

I am seeing the logs on the Syslog Daemon now...    if you know anything about the 8124 blocks error... please let me know

sagnet# config t
sagnet(config)# logging on
sagnet(config)# logging host 10.0.1.245
Warning: failed to register 8124 blocks for logging.
sagnet(config)# logging trap information
Warning: failed to register 8124 blocks for logging.
sagnet(config)# logging timestamp
Warning: failed to register 8124 blocks for logging.
sagnet(config)#
0
jibranilyas (Author) Commented:
lrmoore...

That Sawmill service works like a charm...

It's awesome...  thanks for your advice.   I'm luvin' these tools :)

Any others that you recommend?
0
lrmoore Commented:
Glad it's working for you..
I'll have to research that "failed to register 8124 blocks for logging" error..
I have never seen this one..

- Cheers!
0
jibranilyas (Author) Commented:
It's OK then.... I will do the research as well..
Thanks once again
0