Cisco log analysis for cheap bastards
Here is a great paper published last week that I came across from Mark Lachniet titled "Cisco Network Log Analysis for Cheap Bastards".
The paper is intended to explain why network logging and log analysis are important, what systems to log, and to provide detailed, screenshot-illustrated instructions for people who want to do this on their Cisco equipment (especially the PIX firewall) without spending a lot of money. Although you may not get all of the spiffy features found in high-end offerings from companies like Cisco, NetIQ, NetForensics, Network Intelligence, Symantec and others, you can get a very good security bang for the buck with simple and inexpensive systems. Although the document is specifically intended for logging on a Cisco PIX, pretty much the same commands should work for other devices such as routers. You will see different screens, and some details will differ, but it is essentially the same process.
Given how pitifully few customers I know and see in the field actually perform log collection, let alone log analysis, my view is that any system is better than nothing, even if it's really basic and simple. If it's almost free to implement, then so much the better. Maybe by starting with this really simple process, clients will begin to understand the benefits of logging/analysis and start appreciating what the bigger SIM/SEM products can provide.
CATEGORIES: SIM, SEM, best practice, logging, log analysis, tips