Cisco Pix Firewall Management

I got access to the PIX firewall last week... I wanted to know what I could really do with it.

One thing I would really like to do is to monitor the VPN usage... please let me know how I can... any web documentation will be fine... I just want to know where to start.

In the past, our VPN users have complained that they were having difficulties connecting or the VPN was slow. I have never had a problem connecting to the VPN from my house... so I am wondering if this problem is on the PIX. I want to check the VPN logs and analyze them... Please let me know of any software that can give me the Cisco logs in a CSV file or any file that I can open in Windows.

Thanks,
Asked by: jibranilyas
 
rshooper76 Commented:
We had some similar issues with our users. We logged all VPN logons and also used MRTG to monitor the firewall and all of our routers. We actually had our logs put into a SQL database with the syslog program that we were using. This made it very easy for us to analyse them. MRTG allowed us to pinpoint our bottlenecks as well as any other problems.
0
 
lrmoore Commented:
You can use any syslog daemon, I like Kiwi http://www.kiwitools.com
Then, you can add a syslog analyzer like Sawmill... http://www.sawmill.net/formats/Syslog.html
And/or, you can use the web GUI of the PIX itself. Update to the latest 6.3(4) OS and the PDM 3.02 GUI
Lots of monitoring graphs/charts, etc. right on the PIX
0
 
jibranilyas (Author) Commented:
I downloaded the Syslog Daemon and installed it.
Also requested a 30 day key and now it is operating as a registered version.

If the IP address of the PIX is 10.1.1.1, where do I put that in?
Do I have to do anything in the PIX? I get into the PIX through hypertrm.

Please guide me through the initial setup... Thanks

0
 
lrmoore Commented:
Assuming that the IP address of your kiwi syslog workstation is 10.1.1.x
Enable logging on the PIX to send all syslogs to that workstation:

logging on
logging host 10.1.1.x
logging trap information
logging timestamp

That's all you need to do on the PIX, and it should start sending data to the Kiwi workstation..
0
 
jibranilyas (Author) Commented:
User Access Verification
Thanks,

Here is my log... I have temporarily disabled the SP2 firewall also...
I hope it works...

Do you know what that "bind to address" is, in setup-->input-->udp?
Any other settings in the syslog daemon that I should do?


Username: XXXXXX
Password: ******
Type help or '?' for a list of available commands.
sagnet> enable
Password: ******
sagnet# logging on
Usage:  clear logging
sagnet# logging host 10.0.1.245
Usage:  clear logging
sagnet# logging trap information
Usage:  clear logging
sagnet# logging timestamp
Usage:  clear logging
sagnet#
0
 
jibranilyas (Author) Commented:

*******************
logging on
logging host 10.1.1.x
logging trap information
logging timestamp
*******************

This didn't work... so I went to the Cisco site and applied the instructions for providing a facility.

sagnet# logging host 10.0.1.245
Usage:  clear logging
sagnet# logging facility 5
Usage:  clear logging
sagnet# logging trap debugging
Usage:  clear logging
sagnet# logging timestamp
Usage:  clear logging

How do you troubleshoot it... how do I know if the settings are wrong in the PIX or the syslog daemon?
0
 
lrmoore Commented:
>sagnet# logging host 10.0.1.245
>Usage:  clear logging
The output above is clearly because you are not in configuration mode.

sagnet#config t
sagnet(config)#logging on
sagnet(config)#logging host 10.1.1.245
sagnet(config)#logging trap information
sagnet(config)#logging timestamp


You do not need to add the "facility 5" command

Once you set those commands on the PIX, open the Kiwi syslog window and you should start seeing entries almost immediately..

0
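Once the PIX is forwarding syslog as configured in this thread, the collected lines can be converted to the CSV the original question asks for. This is an added example, not part of the original thread or any tool named in it: the function names and sample lines are constructed, and it assumes the `%PIX-<severity>-<message id>:` message layout with the date prefix that `logging timestamp` adds. It goes slightly beyond the thread by filtering on severity the same way `logging trap information` does on the firewall.

```python
import csv
import io
import re
from datetime import datetime

# Severity names accepted by the PIX "logging trap <level>" command, index = number.
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]
# The "Mon DD YYYY HH:MM:SS: " prefix is present only with "logging timestamp".
PIX_RE = re.compile(
    r"(?:(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): )?"
    r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d+): (?P<text>.*)")
# Constructed sample lines, not taken from the thread.
SAMPLE = [
    "Nov 02 2004 09:14:05: %PIX-6-109005: Authentication succeeded for user 'alice' from 192.0.2.10/1044 to 10.0.1.20/80 on interface outside",
    'Nov 02 2004 09:14:09: %PIX-4-106023: Deny tcp src outside:192.0.2.99/4021 dst inside:10.0.1.20/445 by access-group "acl_out"',
    "Nov 02 2004 09:14:11: %PIX-7-710005: UDP request discarded from 192.0.2.50/137 to outside:192.0.2.1/137",
    "%PIX-6-109006: Authentication failed for user 'bob' from 192.0.2.77/2210 to 10.0.1.20/80 on interface outside",
    "-- MARK --",
]

def parse_line(line):
    """Return a dict for one PIX message, or None for anything else."""
    m = PIX_RE.search(line)  # search, so a collector's own prefix is ignored
    if not m:
        return None
    ts = m.group("ts") or ""
    if ts:  # normalise to ISO format so a spreadsheet sorts it correctly
        ts = str(datetime.strptime(" ".join(ts.split()), "%b %d %Y %H:%M:%S"))
    sev = int(m.group("sev"))
    return {"timestamp": ts, "severity": sev, "level": SEVERITY[sev],
            "msgid": m.group("msgid"), "text": m.group("text").strip()}

def to_csv(lines, max_severity=6):
    """Return (csv_text, skipped); keeps severities 0..max_severity."""
    out = io.StringIO()
    writer = csv.DictWriter(out, lineterminator="\n", fieldnames=[
        "timestamp", "severity", "level", "msgid", "text"])
    writer.writeheader()
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # lines that carry no PIX message at all
        elif rec["severity"] <= max_severity:
            writer.writerow(rec)
    return out.getvalue(), skipped

if __name__ == "__main__":
    print(*to_csv(SAMPLE), sep="\n")
```

A non-zero skipped count is worth checking: it means the collector file contains lines from other devices or messages that did not arrive intact.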
 
jibranilyas (Author) Commented:
Thanks for the help... I get this warning: 8124 blocks for logging

I am seeing the logs on the Syslog Daemon now... if you know anything about the 8124 blocks error... please let me know

sagnet# config t
sagnet(config)# logging on
sagnet(config)# logging host 10.0.1.245
Warning: failed to register 8124 blocks for logging.
sagnet(config)# logging trap information
Warning: failed to register 8124 blocks for logging.
sagnet(config)# logging timestamp
Warning: failed to register 8124 blocks for logging.
sagnet(config)#
0
 
jibranilyas (Author) Commented:
lrmoore...

That Sawmill service works like a charm...

It's awesome... thanks for your advice. I'm luvin' these tools :)

Any others that you recommend?
0
 
lrmoore Commented:
Glad it's working for you..
I'll have to research that "failed to register 8124 blocks for logging" error..
I have never seen this one..

- Cheers!
0
 
jibranilyas (Author) Commented:
It's OK then... I will do the research as well.
Thanks once again
0
