We have just installed a Cisco router and are using its logging
capabilities to notify us via remote syslogging of attempts to use
services and ports that are blocked.
For example, at the end of each access list we explicitly deny all other
port access and request that this be logged. (Note that IP addresses below
are not relevant).

    access-list 100 permit icmp 000.000.000.000 255.255.255.255 x.x.x.x
    ! This allows logging of access violations
    access-list 100 deny ip 000.000.000.000 255.255.255.255 000.000.000.000

Our log file fills with lots of neat info, i.e.:

    Nov 14 17:12:06 nb0 5346: %SEC-6-IPACCESSLOGP: list 100 denied tcp x.x.x.x(23309) -> x.x.x.x(113), 1 packet

The question is: are there any scripts or programs that can parse this
log file and produce some pretty statistics and/or sound alarms/mail when
something is going wrong or there are too many attempts, etc.?
Ed Osterman eo @
I guess sometimes there just aren't enough stones to throw.
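
As an added example that is not part of the original post: one way to parse the %SEC-6-IPACCESSLOGP lines shown above, tally denied packets by source and by destination service, and flag sources that reach a threshold. The sample log lines, the documentation-range addresses, the threshold of 10 and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches the %SEC-6-IPACCESSLOGP line layout quoted in the post.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE_LOG = """\
Nov 14 17:12:06 nb0 5346: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.10(23309) -> 198.51.100.5(113), 1 packet
Nov 14 17:12:09 nb0 5347: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.77(1040) -> 198.51.100.5(23), 1 packet
Nov 14 17:13:41 nb0 5348: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.77(1041) -> 198.51.100.6(23), 12 packets
Nov 14 17:14:02 nb0 5349: %SEC-6-IPACCESSLOGP: list 100 denied udp 192.0.2.77(1042) -> 198.51.100.7(69), 4 packets
Nov 14 17:14:30 nb0 5350: %SYS-5-CONFIG_I: Configured from console by vty0
"""

def summarize(lines, threshold=10):
    """Tally denied packets per source and per (proto, dst port); return alerts."""
    by_src, by_service, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["action"] != "denied":
            skipped += 1          # other syslog messages, or permits
            continue
        n = int(m["count"])       # one log line can summarize many packets
        by_src[m["src"]] += n
        by_service[(m["proto"], int(m["dport"]))] += n
    # Hypothetical alert rule: any source at or above the threshold.
    alerts = sorted(src for src, n in by_src.items() if n >= threshold)
    return by_src, by_service, alerts, skipped

def report(by_src, by_service, alerts):
    """Render the tallies and alerts as plain text, suitable for a mail body."""
    out = ["Denied packets by source:"]
    out += [f"  {src:<15} {n}" for src, n in by_src.most_common()]
    out.append("Denied packets by protocol/destination port:")
    out += [f"  {p}/{port:<6} {n}" for (p, port), n in by_service.most_common()]
    out += [f"ALERT: {src} reached the denied-packet threshold" for src in alerts]
    return "\n".join(out)

if __name__ == "__main__":
    src, svc, alerts, _ = summarize(SAMPLE_LOG.splitlines())
    print(report(src, svc, alerts))
```

Summing the trailing packet count rather than counting lines matters because the router can report many packets for the same flow in a single log line.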