How do I monitor the activity on my PIX 501

Hello Experts,

I would like to know how to monitor what is being denied and allowed through my PIX 501 firewall.  I need to be more proactive about detecting network attacks and/or malicious activity hitting my network.

I have a PIX 501 firewall protecting an SBS 2003 server network.

I know enough about the PIX to get it configured and running with VPNs, basic access lists, and static statements, but that's about it.

Please help me understand how to monitor this device.  I would like a solution that is manageable as I cannot dedicate my efforts to 24/7 network monitoring.  I'm a one-man shop.

Thanks in advance for your help!

Jamie177
 
rsivanandan Commented:
Configure logging on the PIX and get the Kiwi Syslog Monitor (Free) from the net. Install Kiwi on a machine in your network and have the PIX forward all the logging to this server. Done.

logging on
logging host <hostipwherekiwiisinstalled>

Once you play around with this, you can make it more appropriate based on the data you get.

Cheers,
Rajesh
 
jamie177 Author Commented:
Thanks Rajesh!

I'll get this going and report back how it goes.

Regards,

Jamie177
 
rsivanandan Commented:
Sure. If you are also interested in seeing traffic patterns, you can use MRTG or PRTG and it works well (MRTG is free).

Cheers,
Rajesh
 
Keith Alabaster, Enterprise Architect Commented:
Just as an aside, bear in mind that the logging will have an impact (potentially) on performance so don't forget to switch it off in due course.
 
jamie177 Author Commented:
Thanks for the input Keith.

Is there a way to monitor the system without impacting the performance?  We are a pretty low throughput shop, so I don't see that it will be an impact by leaving it on.

The point of monitoring would be to be proactive about network attacks and traffic patterns.  Keith, you make it sound like logging is for troubleshooting issues, then you turn it off.

I'm a newbie at this stuff so by all means please educate me.

Thanks,

Jamie177
 
Keith Alabaster, Enterprise Architect Commented:
Don't count this towards your answer as Rajesh has already given you that. This is simply as you have asked.

Yes, that is the predominant reason for logging: troubleshooting. Devices such as PIX are designed to spend all of their resources such as memory, CPU etc. on routing traffic through the correct interfaces subject to the meeting of the criteria set within the ACLs they are configured with. By switching on logging, that memory now has to process every packet that enters and leaves, store it (for the statistics), decide if it needs to keep it or do something with it etc. Logging can be set at differing levels from just critical conditions right the way through informational. The higher, more detailed the level, the greater the overhead to the PIX. A PIX 501, whilst a brilliant little unit, does not have a great deal of memory to start with... That said, if you have a very low usage requirement, you will likely be fine.

Conversely, products such as PRTG/MRTG and the like are running on separate boxes with their own CPU/memory so they carry the processing overhead. All the PIX has to do is to respond to the SNMP requests. This is still an overhead to the PIX but far less than logging does.

I'm sure Rajesh will back me up on this, he is the Cisco man; I'm ISA Server man ... lol

Regards
Keith
 
rsivanandan Commented:
Lol :-) I sure agree Keith. It really depends on whether your PIX can take it or not? Keith's point was rather like if you are gonna use it continuously then make sure your PIX is not 'sad' about it.

Cheers,
Rajesh
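
An added example, not part of the thread: a small Python script that summarises PIX syslog messages of the kind the syslog server collects, tallying severity levels, denied source addresses and denied destination ports so the log can be reviewed in one pass. The sample lines, addresses, the `summarize` name and the `threshold` value are constructed for illustration, and only message IDs 106023 and 106001 are parsed as denies.

```python
import re
from collections import Counter

# Constructed sample lines; the text before the %PIX tag (timestamp, sender)
# depends on the syslog server and is ignored by the parser.
SAMPLE = """\
Jul 14 09:12:01 192.168.1.1 %PIX-4-106023: Deny tcp src outside:203.0.113.45/4431 dst inside:192.168.1.10/445 by access-group "outside_in"
Jul 14 09:12:02 192.168.1.1 %PIX-4-106023: Deny tcp src outside:203.0.113.45/4432 dst inside:192.168.1.10/139 by access-group "outside_in"
Jul 14 09:12:03 192.168.1.1 %PIX-4-106023: Deny tcp src outside:203.0.113.45/4433 dst inside:192.168.1.10/3389 by access-group "outside_in"
Jul 14 09:12:09 192.168.1.1 %PIX-2-106001: Inbound TCP connection denied from 198.51.100.7/2210 to 192.168.1.10/23 flags SYN on interface outside
Jul 14 09:13:40 192.168.1.1 %PIX-4-106023: Deny icmp src outside:198.51.100.7 dst inside:192.168.1.10 (type 8, code 0) by access-group "outside_in"
Jul 14 09:14:00 192.168.1.1 %PIX-6-302013: Built outbound TCP connection 1107 for outside:192.0.2.80/80 (192.0.2.80/80) to inside:192.168.1.20/1650 (192.168.1.20/1650)
"""

SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]
# Every PIX message is tagged %PIX-<severity 0-7>-<six-digit message id>:
TAG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")
# 106023: packet denied by an access list (ICMP denies carry no ports).
ACL_DENY = re.compile(
    r"Deny \S+ src [^:\s]+:(?P<src>[\d.]+)(?:/\d+)? "
    r"dst [^:\s]+:(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?")
# 106001: inbound TCP connection denied by the security policy.
CONN_DENY = re.compile(
    r"Inbound TCP connection denied from (?P<src>[\d.]+)/\d+ "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+)")

def summarize(lines, threshold=3):
    """Tally severities, denied sources and denied destination ports."""
    severities, sources, ports = Counter(), Counter(), Counter()
    for line in lines:
        tag = TAG.search(line)
        if not tag:
            continue  # not a PIX message
        severities[SEVERITY[int(tag["sev"])]] += 1
        deny = ACL_DENY.match(tag["text"]) or CONN_DENY.match(tag["text"])
        if not deny:
            continue  # allowed traffic or a message type not parsed here
        sources[deny["src"]] += 1
        if deny["dport"]:
            ports[int(deny["dport"])] += 1
    return {"severities": dict(severities), "denied_sources": dict(sources),
            "denied_ports": dict(ports),
            # sources with at least `threshold` denies: worth a closer look
            "noisy": sorted(ip for ip, n in sources.items() if n >= threshold)}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE.splitlines()).items():
        print(f"{key}: {value}")
```

Run against the file the syslog server writes, the same function works line by line; the per-severity tally also shows how much of the volume comes from the informational level discussed above.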
Question has a verified solution.