• Status: Solved

Primer on intrusion events that could cause syslog severity emergency, alert and critical

I am looking for a reference / explanation of the types of events that will trigger syslog messages of severity emergency, alert and critical. We are using Kiwi's syslog daemon and a Cisco PIX firewall. We normally get a few critical alerts every day. I am looking for an explanation of the types of exploits, hack attacks, etc. that will trigger this type of message. Anyone know of a good primer on the subject?
joddo-jt
 
lrmoore commented:
I would recommend getting a syslog analyzer like Sawmill and letting it tell you what you are seeing.
http://www.sawmill.net/

What you would be looking for are IDS messages. ICMP ping sweeps of the outside IP; port scans look like connection attempts from the same source IP but different destination ports, usually sequential. Some stealth scans rotate the source IP, so they are harder to detect.
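The pattern lrmoore describes above (one source address, many different destination ports), as an added example that is not part of the original thread: a Python sketch that reads the severity digit from `%PIX-<severity>-<id>:` tags, keeps severity 0-2 (emergency, alert, critical), and groups denied connections by source. The sample lines are constructed, and their wording, the function names and the `min_ports` threshold are assumptions.

```python
import re
from collections import defaultdict

SEVERITY = {0: "emergency", 1: "alert", 2: "critical", 3: "error",
            4: "warning", 5: "notice", 6: "informational", 7: "debug"}

# Constructed sample input (documentation address ranges); the message wording is an
# assumption modelled on PIX "connection denied" and "connection built" messages.
DENY = "%PIX-2-106001: Inbound TCP connection denied from {}/{} to 192.0.2.10/{} flags SYN on interface outside"
SAMPLE_LINES = (
    [DENY.format("203.0.113.7", 40112 + i, p) for i, p in enumerate((21, 22, 23, 25))]
    + [DENY.format("198.51.100.20", 51000 + i, 80) for i in range(2)]
    + ["%PIX-6-302013: Built inbound TCP connection 7 for outside:198.51.100.9/3301 "
       "(198.51.100.9/3301) to inside:192.0.2.10/25 (192.0.2.10/25)",
       "line without a PIX tag"]
)

MSG = re.compile(r"%PIX-(\d)-(\d+): (.*)")
FLOW = re.compile(r"from (\d+(?:\.\d+){3})/(\d+) to (\d+(?:\.\d+){3})/(\d+)")

def parse(line):
    """Return severity, message id and (if present) the flow, or None for untagged lines."""
    m = MSG.search(line)
    if not m:
        return None
    event = {"severity": int(m.group(1)), "msg_id": m.group(2), "text": m.group(3)}
    flow = FLOW.search(event["text"])
    if flow:
        event.update(src=flow.group(1), dst=flow.group(3), dst_port=int(flow.group(4)))
    return event

def high_severity(lines, worst=2):
    """Keep events at severity 0..worst (lower number = more severe)."""
    events = (parse(line) for line in lines)
    return [e for e in events if e and e["severity"] <= worst]

def scan_suspects(events, min_ports=4):
    """Flag (source, destination) pairs that touched at least min_ports distinct ports."""
    ports = defaultdict(set)
    for e in events:
        if "src" in e:
            ports[(e["src"], e["dst"])].add(e["dst_port"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    hits = high_severity(SAMPLE_LINES)
    for e in hits:
        print(SEVERITY[e["severity"]], e["msg_id"], e["text"])
    print(scan_suspects(hits))
```

Grouping by a single source address will miss the rotating-source scans mentioned in the same answer; those need grouping by destination instead.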
 
rsivanandan commented:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/syslog/pixemsgs.htm

The above should explain to you the different types of intrusion alerts that a PIX would trigger.

Cheers,
Rajesh
Question has a verified solution.
