Troubled Interface Report
Examine-IPS-Logs pokes through yesterday's syslog, extracting Tipping Point messages and looking for *outbound* blocked events, i.e. infected internal hosts that are attempting to phone home to the mothership or are launching attacks. It sends mail to recipients according to subnets: a given recipient can register interest in infected hosts living on specific subnets.
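The subnet-based routing described above, as an added example that is not the Examine-IPS-Logs source. The key=value log lines are a constructed, simplified layout (not the actual Tipping Point syslog format), and the recipients, subscribed subnets and internal ranges are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed internal address space and subscriptions (hypothetical values).
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
SUBSCRIPTIONS = {
    "netops@example.org": ["10.10.0.0/16"],
    "lab-admin@example.org": ["10.10.20.0/24", "192.168.5.0/24"],
}
# Constructed sample lines in a simplified key=value layout, not real IPS output.
SAMPLE_LOG = """\
Aug 17 02:11:09 ips1 action=Block filter="Bot checkin" src=10.10.20.7 dst=203.0.113.50
Aug 17 02:11:40 ips1 action=Block filter="Port scan" src=198.51.100.9 dst=10.10.4.2
Aug 17 03:02:15 ips1 action=Block filter="SMB exploit attempt" src=10.10.4.2 dst=203.0.113.80
Aug 17 03:05:01 ips1 action=Block filter="SMB exploit attempt" src=192.168.5.30 dst=10.10.4.2
Aug 17 04:00:00 ips1 action=Permit filter="Bot checkin" src=10.10.20.7 dst=203.0.113.51
Aug 17 04:30:12 ips1 action=Block filter="Bot checkin" src=10.10.20.7 dst=203.0.113.50
Aug 17 05:00:00 ips1 action=Block filter="Bot checkin" src=not-an-ip dst=203.0.113.50
""".splitlines()
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def outbound_blocks(lines):
    """Yield (source address, filter name) for blocked internal-to-external events."""
    for line in lines:
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if f.get("action") != "Block":
            continue
        try:
            src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
        except (KeyError, ValueError):
            continue  # skip lines with missing or malformed addresses
        if is_internal(src) and not is_internal(dst):
            yield src, f.get("filter", "unknown")

def reports_by_recipient(lines, subscriptions=SUBSCRIPTIONS):
    """Map each recipient to {host: sorted filter names} for their subnets only."""
    nets = {r: [ipaddress.ip_network(n) for n in ns] for r, ns in subscriptions.items()}
    reports = defaultdict(lambda: defaultdict(set))
    for src, filt in outbound_blocks(lines):
        for rcpt, rnets in nets.items():
            if any(src in n for n in rnets):
                reports[rcpt][str(src)].add(filt)
    return {r: {h: sorted(fs) for h, fs in hosts.items()} for r, hosts in reports.items()}

if __name__ == "__main__":
    for rcpt, hosts in reports_by_recipient(SAMPLE_LOG).items():
        print(rcpt, hosts)
```

Inbound, internal-to-internal, permitted and malformed lines are dropped, and a host that appears in overlapping subscriptions is reported once to each interested recipient.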
Troubled-Interface-Report consults a configuration file, pokes through yesterday's syslog looking for Cisco Catalyst messages specific to interfaces, and mails the result to interested parties. Possible issues include: rogue DHCP servers, excessive link up/down events, invalid source MAC addresses, and excessive MAC address movement between ports.
Last modified: 18-August-2010