[Dshield] Cisco 806

Jeff Kell jeff-kell at utc.edu
Wed Mar 5 01:52:07 GMT 2003


Deb Hale wrote:

 > I am trying to figure out how to setup a CISCO 806 to capture the log
 > files to review and submit to DSHIELD.  Have any of you ever used an
 > 806?  If you have, can you tell me how to set it up correctly?
 > Appreciate the help.

Same as most any Cisco IOS box, configure your ACL entries with 'log' 
keyword on your deny statements, configure logging a.b.c.d (address of 
your syslog server), and of course, setup the log server.  There are a 
number of syslog servers you can get for Windows, if you're doing linux 
you've already got one.

DShield.org has a perl package to process Cisco logs (more oriented for 
PIX than IOS, but has parsing for both).  I've been picking at the 
client from time to time to try to add our logs to existing dshield 
reports, but only 24 hours in a day... :-)

Jeff



More information about the list mailing list