
How to Set Up PIX Centralized Monitoring

Article created 2005-04-06 by Hamid Ali Raja.

Adiscon Products can be used to efficiently analyze PIX traffic as well. This article is strictly task focused. It does not describe why the systems should be monitored nor does it provide any further background. Please see the respective backgrounders or product documentation on this. This article is a step-by-step description of what you need to do in order to centrally monitor your PIX Logs.

Centralized Event Reports

In this step-by-step guide, MonitorWare Agent is configured to work together with Adiscon’s MonitorWare Console to generate summaries for the traffic passing to and from PIX.

What you need

In this guide, I am focusing on building a solution with Adiscon's MonitorWare Agent and MonitorWare Console.

This combination allows you to centralize all your logs and generate reports on them. Free 30-day trial versions are available at the respective product sites (links below), so you can try the system without the need to buy anything.

You need to run the following products:

  • 1 MonitorWare Agent for the system that will act as the Syslog Daemon.
  • 1 MonitorWare Console to generate consolidated reports based on the gathered log data. This will also be installed on the same machine where you have installed MonitorWare Agent.
  • To deliver MonitorWare Console's reports, you need a local web server (for example Microsoft's IIS or Apache) and a mail server capable of talking SMTP (most modern servers support this).

You need administrative privileges on each of the machines. This is required both for installation and configuration. Make sure you log on with a sufficiently privileged user account.

Step 1 - Download Software

You need to download the following software to follow this step-by-step guide:

1. www.mwagent.com/en/download
2. www.mwconsole.com/en/download

Step 2 - Install MonitorWare Agent

Run the MonitorWare Agent program on the system that is to act as the central server. Take note of this server's IP address or host name. You’ll need this value when configuring PIX to forward the messages to it.

Step 3 – Configure a Syslog Server

The steps to configure the MonitorWare Agent as a Syslog Server are as follows:

Configuring a Syslog Server

Step 4 – Create a RuleSet for Database Logging

In this section, you will create an action to write the messages that are coming from PIX to a database.

Database Logging Steps

After configuring this RuleSet, make sure that

  • This rule set is associated with the Syslog Server Service that you created in Step 3. You can do this by clicking on the Syslog Server Service that you created in Step 3 on the left hand side and by selecting the name of the rule set that you created in Step 4 in "Rule Set to Use" combo box on the right hand side.
  • The service is running. You can do this by clicking on the Play button at the top of the Client.

Step 5 – Configure PIX

In this step, you configure PIX so that it sends its messages to the Syslog Server that you created above. You need to enter that server's IP address or host name in PIX.

PIX Configuration Steps

Step 6 – Preparing Web Server for MonitorWare Console

MonitorWare Console publishes its reports through the local web server (central hub server).

To avoid confusion, we recommend creating a separate directory on the web server for MonitorWare Console. Let us assume you use Microsoft Internet Information Server and run it in the default configuration. Then, your web pages are stored in the c:\inetpub\wwwroot directory. Create a subdirectory "MonitorWareConsole" directly beneath this directory.

Step 7 – Installing and Configuring MonitorWare Console

MWConsole - Installation and Configuration Steps

Step 8 – Generating PIX Reports with MonitorWare Console Manually

Following are the reports in MonitorWare Console that can be generated for PIX logs.

  • Accessed Web Sites Report
  • Blocked Ports Activity Report
  • Possible Attacks Report
  • Traffic By Hour Report
  • Traffic By Port Report
  • Outbound Traffic By IP
  • Traffic by Target IP
  • Who is Attacking Me Report

This section explains how the PIX reports can be generated with MonitorWare Console manually. In this section I will explain the generation of the "Who is Attacking Me" report only. Please note that the procedure for generating any report is almost the same.


Generating PIX Reports with Console 2.1 Manually
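
To show the kind of aggregation that reports such as "Who is Attacking Me" and "Blocked Ports Activity" present, the following Python example counts denied connections per source address and per destination port. It is an added example, not Adiscon's code and not a description of how MonitorWare Console works internally; the sample lines are constructed in the style of PIX messages 106023 and 106001, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the style of PIX syslog messages
# (documentation addresses only); not taken from the article.
SAMPLE_LOG = """\
<164>Apr 06 2005 10:15:01: %PIX-4-106023: Deny tcp src outside:203.0.113.5/4431 dst inside:192.0.2.10/22 by access-group "outside_in"
<164>Apr 06 2005 10:15:02: %PIX-4-106023: Deny tcp src outside:203.0.113.5/4432 dst inside:192.0.2.10/23 by access-group "outside_in"
<162>Apr 06 2005 10:15:09: %PIX-2-106001: Inbound TCP connection denied from 198.51.100.7/1045 to 192.0.2.10/445 flags SYN on interface outside
<164>Apr 06 2005 10:16:40: %PIX-4-106023: Deny udp src outside:203.0.113.5/53 dst inside:192.0.2.11/1434 by access-group "outside_in"
<166>Apr 06 2005 10:17:00: %PIX-6-302013: Built outbound TCP connection 1201 for outside:198.51.100.80/80 (198.51.100.80/80) to inside:192.0.2.20/3344 (192.0.2.20/3344)
this line is not a PIX message
"""

MSG = re.compile(r"%PIX-\d-(?P<id>\d{6}): (?P<text>.*)")
# Message ID -> pattern extracting protocol, source IP and destination port.
DENIED = {
    "106023": re.compile(r"Deny (?P<proto>\w+) src \S+?:(?P<src>[\d.]+)/\d+ dst \S+?:[\d.]+/(?P<dport>\d+)"),
    "106001": re.compile(r"Inbound (?P<proto>\w+) connection denied from (?P<src>[\d.]+)/\d+ to [\d.]+/(?P<dport>\d+)"),
}

def parse_denied(line):
    """Return (src_ip, proto, dst_port) for a denied connection, else None."""
    m = MSG.search(line)
    pattern = DENIED.get(m.group("id")) if m else None
    d = pattern.search(m.group("text")) if pattern else None
    if not d:
        return None
    return d.group("src"), d.group("proto").lower(), int(d.group("dport"))

def summarize(lines):
    """Count denied connections by source IP and by (protocol, port)."""
    by_source, by_port = Counter(), Counter()
    skipped = 0  # permitted traffic, other message IDs, unparseable lines
    for line in lines:
        hit = parse_denied(line)
        if hit is None:
            skipped += 1
            continue
        src, proto, port = hit
        by_source[src] += 1
        by_port[(proto, port)] += 1
    return by_source, by_port, skipped

if __name__ == "__main__":
    sources, ports, skipped = summarize(SAMPLE_LOG.splitlines())
    print("Denied connections by source:", sources.most_common())
    print("Denied connections by port:  ", ports.most_common())
    print("Lines not counted:", skipped)
```
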

Step 9 – Scheduling the Generation of Reports with MonitorWare Console

This section explains how the reports can be generated with MonitorWare Console automatically using Job Manager. With Job Manager, you can generate all the reports on a pre-defined schedule and have each one either stored in a location on the hard disk or sent to a specified recipient via email. The following section explains the scheduling of the System Status Report. You can use exactly the same method to generate any of the PIX reports that are mentioned above.

Scheduling Reports with Console 2.1

You are done!

Well, this is all you need to do to configure the basic operations. We hope this article is helpful. If you have any questions or remarks, please do not hesitate to contact us at support@adiscon.com.

Copyright © 1988-2005 Adiscon GmbH All rights reserved.