Primer on intrusion events that could cause syslog severity emergency, alert and critical

Posted on 2007-07-20
Last Modified: 2013-11-29
I am looking for a reference / explanation of the types of events that will trigger syslog messages of severity emergency, alert and critical.  We are using Kiwi's syslog daemon and a Cisco PIX firewall.  We normally get a few critical alerts every day.  I am looking for an explanation of the types of exploits, hack attacks, etc... that will trigger this type of message.  Anyone know of a good primer on the subject?
Question by:joddo-jt

    Accepted Solution

    I would recommend getting a syslog analyzer like Sawmill and letting it tell you what you are seeing.

    What you would be looking for are IDS messages: ICMP ping sweeps of the outside IP, and port scans, which look like connection attempts from the same source IP but to different destination ports, usually sequential. Some stealth scans rotate the source IP, so they are harder to detect.
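The port-scan pattern described in the answer above (one source IP, many destination ports, often sequential), sketched as an added example that is not part of the original answer or of any vendor tool. The regex is modelled on the PIX 106001 "Inbound TCP connection denied" message and is an assumption to adjust to your own logs; the sample lines, the `min_ports` threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout, modelled on the PIX 106001 "Inbound TCP connection denied" message.
DENY = re.compile(
    r"%PIX-(?P<sev>\d)-106001: Inbound TCP connection denied from "
    r"(?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/(?P<dport>\d+)")


def find_port_scans(lines, min_ports=5):
    """Return sources denied on at least min_ports distinct ports of one host."""
    ports = defaultdict(set)
    for line in lines:
        m = DENY.search(line)
        if m:
            ports[(m["src"], m["dst"])].add(int(m["dport"]))
    findings = []
    for (src, dst), seen in sorted(ports.items()):
        if len(seen) < min_ports:
            continue  # retries against one or two services are not a scan
        ordered = sorted(seen)
        # Count neighbouring ports that differ by exactly 1.
        steps = sum(1 for a, b in zip(ordered, ordered[1:]) if b - a == 1)
        findings.append({"src": src, "dst": dst, "ports": ordered,
                         "sequential": steps > 0 and steps * 2 >= len(ordered) - 1})
    return findings


def _line(src, dport):
    # Constructed sample line; addresses come from the documentation ranges.
    return ("Jul 20 10:00:00 pix %PIX-2-106001: Inbound TCP connection denied "
            f"from {src}/40000 to 192.0.2.10/{dport} flags SYN on interface outside")


# Constructed input: one source walking ports 20-27, one source retrying two services.
SAMPLE = [_line("203.0.113.9", p) for p in range(20, 28)]
SAMPLE += [_line("198.51.100.7", p) for p in (25, 25, 25, 443)]

if __name__ == "__main__":
    for finding in find_port_scans(SAMPLE):
        print(finding)
```

A per-source threshold like this will not catch the scans that rotate the source IP; counting distinct ports per destination only is one way to surface those.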

    Assisted Solution


    The above should explain to you the different types of intrusion alerts that a PIX would trigger.

