Re: Monitor Cisco Firewall and Router "Bad Password" Attempt Failures
The test bed router is an old 2600. I have ASA 5510, 7200VXR and other assorted Cisco Gear. Enclosed shot of config and show logging.. testbed2600#testbed2600#w06:26:40: %SYS-5-CONFIG_I: Configured...
View ArticleRe: How to detect clients that stop sending Syslog messages to the server
Rick, Here you go... http://thwack.solarwinds.com/docs/DOC-170644 I've uploaded the script to the content exchange. It requires some minor editng, but if you have any questions or need any assistance...
View ArticleRe: Monitor Cisco Firewall and Router "Bad Password" Attempt Failures
I changed to trap 7 and retested. Nothing...see config testbed2600#testbed2600#show runBuilding configuration... Current configuration:!version 12.0service timestamps debug uptimeservice timestamps...
View ArticleRe: Monitor Cisco Firewall and Router "Bad Password" Attempt Failures
try this command under config term: login on-failure log I also have: login on-success loglogging userinfoBecause when I see a failure, the very next thing I want to see are successes around the same...
View ArticleRe: Monitor Cisco Firewall and Router "Bad Password" Attempt Failures
added... so far no difference....I am adding the same on a Cisco ASA on another system on another network...Will update if it works there...testbed2600#testbed2600#config tEnter configuration...
View ArticleRe: Monitor Cisco Firewall and Router "Bad Password" Attempt Failures
The ASA might be different, especially if it's running on a different version of IOS. On the other hand, it might actually be easier to configure if you use ASDM instead of the CLI. You could also do...
View ArticleRe: Monitor Cisco Firewall and Router "Bad Password" Attempt Failures
I have the ASA setup ad debugging it right now. Trying to debug messages right now.
View ArticleUpgrade from Kiwi Syslog 9.2.1 to 9.3.4
Two questions please:1) I believe that to upgrade our server I simply need to run the setup exe of the new syslog server software on the existing server. Is this correct?2) Will my rules, settings,...
View ArticleRe: Upgrade from Kiwi Syslog 9.2.1 to 9.3.4
1. Correct. 2. They will be persistent, but it doesn't hurt to back them up anyway. I've been through 4 upgrades and have had no problem. But things happen. From the file menu, you can export your...
View ArticleRe: Upgrade from Kiwi Syslog 9.2.1 to 9.3.4
Thank you very much, upgrade seems to have completed successfully.
View ArticleKiwi Syslog Web Access filter keeps timing out
Hello all, We've been running Kiwi syslog server for a couple years, and have ~10 devices sending log files to kiwi. From the web access I'm trying to pull a report for 1 device from 2013/03/19 to...
View ArticleExtracting Portion of Syslog Message Text and Source IP, then Running a Script
I am currently running Kiwi Syslog 8.3.52 I am logging some edge switches deployed that do not perform DHCP snooping, however the distribution layer switch they connect to does. I am able to have the...
View ArticleRe: Extracting Portion of Syslog Message Text and Source IP, then Running a...
You will need to create a script to extract the data to the variables youwant. The text parsing could be a simple vbscript using the split functionon ":". The sending host IP would be an existing...
View ArticleRe: Extracting Portion of Syslog Message Text and Source IP, then Running a...
OK, looks like Fields.VarPeerAddress is for the sending host, so I'll look into the split function and see if I can get both values to a file I can then reference in what will call the SSH program and...
View ArticleRe: How to detect clients that stop sending Syslog messages to the server
A little bit of editing and understanding and now I am up and running and fine-tuning it. Thank you so much for your help Acy!
View ArticleRe: How to detect clients that stop sending Syslog messages to the server
Awesome. I'm glad it's working for you, and again, I'm sorry it took so long. I have that script doing sooo much that editing it all out proved to be more time consuming that I had thought so we both...
View ArticleKiwi Secure Tunnel question
I know Secure Tunnel is not an active product any longer but I have a question about it. We run security scans on our IPs and it returns back to us for each Kiwi Tunnel Server with a FreeSSHD Remote...
View ArticleRe: Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)
I have this working in pfsense 2.0.2.Go to Diagnostics -> Edit File, open file /etc/inc/filter.inc and change the following:From: mwexec_bg("/usr/sbin/tcpdump -s 256 -v -l -n -e -ttt -i pflog0 |...
View ArticleRe: Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)
Thanks Renatosilvaagio! Eilz, Let me know if this works for you. and if it doesn't... I have a script functioning right now, but because we are waiting for the completion of a message and it's not...
View Article