[Dshield] Cisco 806
jeff-kell at utc.edu
Wed Mar 5 01:52:07 GMT 2003
Deb Hale wrote:
> I am trying to figure out how to set up a CISCO 806 to capture the log
> files to review and submit to DSHIELD. Have any of you ever used an
> 806? If you have, can you tell me how to set it up correctly?
> Appreciate the help.
Same as most any Cisco IOS box, configure your ACL entries with 'log'
keyword on your deny statements, configure logging a.b.c.d (address of
your syslog server), and of course, set up the log server. There are a
number of syslog servers you can get for Windows, if you're doing Linux
you've already got one.
DShield.org has a Perl package to process Cisco logs (more oriented for
PIX than IOS, but has parsing for both). I've been picking at the
client from time to time to try to add our logs to existing dshield
reports, but only 24 hours in a day... :-)
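Added illustration, not part of the original message and not DShield's Perl client: a Python sketch of parsing the syslog lines that IOS emits for ACL entries carrying the `log` keyword, keeping only the denies. The sample lines are constructed (documentation-range addresses), and the text before `%SEC-6-` is an assumption, since it varies with the syslog server and the router's timestamp settings.

```python
import re
from collections import Counter

# Constructed sample: ACL hits (TCP/UDP and ICMP forms) plus unrelated noise.
# IOS summarizes repeated matches, so the packet count matters, not the line count.
SAMPLE = """\
Mar  5 01:40:12 192.0.2.1 88: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4312) -> 198.51.100.10(135), 1 packet
Mar  5 01:41:02 192.0.2.1 89: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.9(1026) -> 198.51.100.10(137), 3 packets
Mar  5 01:45:40 192.0.2.1 90: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 203.0.113.7 -> 198.51.100.10 (8/0), 1 packet
Mar  5 01:46:13 192.0.2.1 91: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 198.51.100.10(1045) -> 203.0.113.20(80), 1 packet
Mar  5 01:47:00 192.0.2.1 92: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.5)
Mar  5 01:50:12 192.0.2.1 93: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4312) -> 198.51.100.10(135), 4 packets
"""

ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?:P|DP): list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\)| \((?P<icmp>\d+/\d+)\))?, "
    r"(?P<count>\d+) packets?"
)

def parse_denies(text):
    """Return one dict per 'denied' ACL log line; everything else is skipped."""
    records = []
    for line in text.splitlines():
        m = ACL_RE.search(line)
        if not m or m["action"] != "denied":
            continue
        rec = m.groupdict()
        rec["count"] = int(rec["count"])
        rec["when"] = line[:15]  # classic syslog timestamp (no year)
        records.append(rec)
    return records

def summarize(records):
    """Total denied packets per (source, protocol, dest port or ICMP type/code)."""
    totals = Counter()
    for r in records:
        totals[(r["src"], r["proto"], r["dport"] or r["icmp"])] += r["count"]
    return totals

if __name__ == "__main__":
    for key, n in summarize(parse_denies(SAMPLE)).most_common():
        print(n, *key)
```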