Jhumri Tilayia said:

> I am trying to write rules to alert me when my PIX firewall detects
> portscans, brute-force attempts on firewall logins, spoofing attempts
> and other attacks that the firewall picks up. Does PIX 6.x release
> create discernable log entries when above mentioned probes are
> detected by it? If so, and if someone has samples, I would much
> appreciate it if they could share them with me.

You may find extensive documentation of PIX logging at the Cisco site, precisely here:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guides_list.html

EVERY possible message I've ever run into was documented here.

I might even be able to provide you some example logs (sanitized) when I am back at my office.

Actually I just checked on the loganalysis.org website, and PIX is not present among the sample logs. Tina, is that log samples section still maintained? If it is something of interest, I can collect some samples (and maybe clean them of my "production" addresses first) next week.

Best Regards,
Daniele Muscetta

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Sun Feb 22 2004 - 10:55:59 PST