OK - so the current number is 53 signatures...
The URL you provided was pretty close...
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_command_summary_chapter09186a00800880a6.html
This is a great little article on the Cisco IOS!
The problem is, these commands only work with...
Hey -
>I've found out so far is 515/525s come with 50 IDS signatures as default.
...
>logging on
>logging trap (debugging comes as default...)
>logging facility (from 17 or 23 or 22 or 21 or 20)
>logging server w.x.y.z
OK - well, this I have had set up.
> but is supposed to be in the PIX...
I have some 515's and 525's. The IOS's are varied.
The PIX is supposed to detect/repel for dozens of intrusions according to dozens of signatures.
I remember reading a list of IDS codes, at one time, when my previous security expert showed me a printout.
Every so often, during an IOS...
Thanks a lot...
It has been like "pulling teeth" trying to figure out how to configure the PIX to send the IDS messages through a standards-based mechanism, as well as determine what message is an ID message!
EMS Architect
I am familiar with sending traps and syslog messages from a PIX to an snmp manager or a syslog daemon.
The intrusion detection messages (which are detected via signatures) are at question. I have not been able to find these things, anywhere in the Cisco Documentation or how to even determine...
Try this...
If you are running HP OV NNM under UNIX (Solaris, for example), there are easy ways to handle this. The 3 files of interest are: "/etc/networks", "/etc/netmasks", and "/etc/hosts".
If you know the network number for each location ( 10.10.1.x...
Hey -
Yes - logging to a UNIX syslog server already.
You really never want to log at a debugging level of 7.
That is way too much trash to read through...
... establishing a connection from x to y
... tearing down a connection from x to y
and so forth.
There is just so much stuff coming...
Perhaps Cisco's web page...
http://www.cisco.com/
http://www.cisco.com/univercd/home/home.htm
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/index.htm
This does not seem like that difficult of a request!
:-) EMS Architect
The "pollable" snmp MIBS are pretty weak.
I have not found any interesting "SNMP traps" either.
Heck - I can't even find any easy command line'ers to tell what IPSEC tunnels are built and operating correctly!
It seems like management was the LAST thing they thought about...
> Does PIX write something to the syslog when tunnelling fails?
I do not know!
I am also in need of such information using the VPN technology in standard Cisco IOS routers... I have a couple of those too! EMS Architect
How would one receive IDS alerts from a PIX via SNMP Traps or Syslog Events?
What is the message encoding for the IDS events in the traps or syslog events?
I have a PIX and if someone tries a "ping of death" or some other known intrusion, I would like to be able to log it and...
Is there a way to determine the status of a PIX VPN tunnel either through SNMP Traps, SNMP Gets or Syslog Alerts?
When a PIX to PIX tunnel is established and it fails,
I would like to get an indication of when the tunnel fails.
I would also like to be able to query the device to find
out...
The HP Web Interface is not very robust.
If you absolutely HAVE to have a Web Interface
1) which HAS to be stable (operations group)
or
2) which HAS to be exported through a firewall for an external customer view
I would recommend purchasing an add-on product which would be stable called...
Try to set up the OV NNM box without DNS and see the results.
Due to the unpredictability of DNS while being fed off of another platform that is not under your control, I would recommend that you do not run with DNS at all.
I have found that a script which populates an /etc/hosts table and...