[Dshield] Cisco 806
wlarmon at dshield.org
Wed Mar 5 02:57:35 GMT 2003
> Deb Hale wrote:
> > I am trying to figure out how to set up a CISCO 806 to capture the log
> > files to review and submit to DSHIELD. Have any of you ever used an
> > 806? If you have, can you tell me how to set it up correctly?
> > Appreciate the help.
> Same as most any Cisco IOS box, configure your ACL entries with 'log'
> keyword on your deny statements, configure logging a.b.c.d (address of
> your syslog server), and of course, set up the log server. There are a
> number of syslog servers you can get for Windows, if you're doing Linux
> you've already got one.
> DShield.org has a Perl package to process Cisco logs (more oriented for
> PIX than IOS, but has parsing for both). I've been picking at the
> client from time to time to try to add our logs to existing dshield
> reports, but only 24 hours in a day... :-)
The Windows client also supports Cisco routers.
Jeff, what more does the existing Perl client need? And can I help? The
Cisco client got to its current state by me adding regexes for all the Cisco
sample log lines that people sent me. Are you saying that it needs more
regexes to match different types of lines?
I'll be happy to assist anybody that needs help getting the clients working.
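
The regex-per-line-type approach discussed above, as an added example that is not part of the original post and is not the DShield client's code. The sample lines are constructed and the message layouts are assumed to follow the usual IOS %SEC-6-IPACCESSLOG* output for ACL entries with 'log'; denied lines that no pattern matches are collected, since those are the samples a client maintainer would need.

```python
import re

# Constructed sample syslog lines (documentation addresses), modelled on the
# IOS messages produced by ACL entries that carry the 'log' keyword.
SAMPLE = """\
Mar  5 02:41:10 gw 41: 00:12:01: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(3312) -> 198.51.100.5(445), 1 packet
Mar  5 02:41:12 gw 42: 00:12:03: %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.77(1026) -> 198.51.100.5(137), 3 packets
Mar  5 02:41:15 gw 43: 00:12:06: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.0.2.10 -> 198.51.100.5 (8/0), 1 packet
Mar  5 02:41:20 gw 44: 00:12:11: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.10(3313) -> 198.51.100.5(80), 1 packet
Mar  5 02:41:30 gw 45: 00:12:21: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Mar  5 02:41:31 gw 46: 00:12:22: %SEC-6-IPACCESSLOGNP: list 101 denied 47 192.0.2.10 -> 198.51.100.5, 1 packet
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
PATTERNS = [
    # TCP/UDP denies: each address is followed by its port in parentheses.
    re.compile(rf"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
               rf"(?P<src>{IP})\((?P<sport>\d+)\) -> (?P<dst>{IP})\((?P<dport>\d+)\), "
               rf"(?P<count>\d+) packets?"),
    # ICMP denies: no ports, type/code follows the destination.
    re.compile(rf"%SEC-6-IPACCESSLOGDP: list (?P<acl>\S+) denied (?P<proto>icmp) "
               rf"(?P<src>{IP}) -> (?P<dst>{IP}) \((?P<itype>\d+)/(?P<icode>\d+)\), "
               rf"(?P<count>\d+) packets?"),
]

def parse_log(text):
    """Return (records, unmatched) for the denied ACL log lines in text."""
    records, unmatched = [], []
    for line in text.splitlines():
        # Only denied ACL hits are of interest; skip permits and other messages.
        if "%SEC-6-IPACCESSLOG" not in line or " denied " not in line:
            continue
        for pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                record = match.groupdict()
                record["count"] = int(record["count"])
                records.append(record)
                break
        else:
            unmatched.append(line)  # a line type that still needs a regex
    return records, unmatched

if __name__ == "__main__":
    parsed, missing = parse_log(SAMPLE)
    print(len(parsed), "parsed;", len(missing), "denied line(s) without a regex")
```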