

Logs

Daily-Syslog-Extracts

Examine-IPS-Logs

Troubled-Interface-Report


Log Analysis

Daily-Syslog-Extracts consults a configuration file, pokes through yesterday's syslog, and mails whatever has survived to interested parties.

Examine-IPS-Logs pokes through yesterday's syslog, extracting TippingPoint messages and looking for *outbound* blocked events, i.e. internally infected hosts which are attempting to phone home to the mothership or are launching attacks. It sends mail to recipients according to subnets (i.e. a given recipient can register interest in infected hosts living on specific subnets).
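
One way to implement the outbound-block extraction and per-subnet routing described above, as an added Python example (not the Examine-IPS-Logs code itself). The key=value log layout, the internal address range and the recipient addresses are constructed assumptions, not the IPS's real syslog format.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a simplified key=value layout (an assumption;
# not the IPS vendor's real syslog format).
SAMPLE_SYSLOG = """\
Aug 17 03:12:44 ips1 ips: action=Block src=10.20.4.33 dst=203.0.113.9 filter="bot C2 check-in"
Aug 17 03:12:45 ips1 ips: action=Block src=198.51.100.7 dst=10.20.4.80 filter="inbound scan"
Aug 17 04:01:10 ips1 ips: action=Permit src=10.30.1.5 dst=192.0.2.44 filter="policy notice"
Aug 17 04:15:02 ips1 ips: action=Block src=10.30.1.5 dst=192.0.2.44 filter="worm propagation"
Aug 17 04:15:09 ips1 ips: action=Block src=10.30.1.5 dst=192.0.2.45 filter="worm propagation"
"""

INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal address space
SUBSCRIPTIONS = {                                 # hypothetical recipients -> subnets
    "lab-admin@example.org": ["10.20.0.0/16"],
    "dorm-admin@example.org": ["10.30.1.0/24"],
    "security@example.org": ["10.0.0.0/8"],
}
EVENT = re.compile(r'action=(\S+) src=(\S+) dst=(\S+) filter="([^"]*)"')

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def outbound_blocks(text):
    """Yield (src, dst, filter) for blocked events leaving the internal network."""
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m or m.group(1) != "Block":
            continue
        try:
            src, dst = ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3))
        except ValueError:  # malformed address: skip the line rather than abort the run
            continue
        if is_internal(src) and not is_internal(dst):
            yield src, dst, m.group(4)

def reports_by_recipient(text, subscriptions=SUBSCRIPTIONS):
    """Map each recipient to {internal host: {filter: count}} for their subnets."""
    reports = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for src, _dst, filt in outbound_blocks(text):
        for rcpt, nets in subscriptions.items():
            if any(src in ipaddress.ip_network(n) for n in nets):
                reports[rcpt][str(src)][filt] += 1
    return {r: {h: dict(f) for h, f in hosts.items()} for r, hosts in reports.items()}

if __name__ == "__main__":
    print(reports_by_recipient(SAMPLE_SYSLOG))
```

Each recipient's dictionary is the body of that recipient's daily mail; a recipient with no matching hosts gets no entry and so no message.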

Troubled-Interface-Report consults a configuration file, pokes through yesterday's syslog looking for Cisco Catalyst messages specific to interfaces, and mails the result to interested parties. Possible issues include: rogue DHCP servers, excessive link up/down events, invalid source MAC addresses, and excessive MAC address movement between ports.


Prepared by:
Stuart Kendrick

Last modified: 18-August-2010