Security monitoring tool for Cisco ASA

Please suggest a cheap and best security monitoring tool for Cisco ASA devices.

You can use OSSEC, an open source tool installed on Linux:
http://www.ossec.net/

Similar Messages

  • Monitoring tool For Cisco Switches

    Hi All,
    I have installed 2 Core Switches and 9 Access Switches (4960-X,3560-X and 2960-X) in our organisation. Now we are looking for a Monitoring tool.
    To monitor the Traffic status, Link status, Quarterly Health Check, etc. for all the switches on a single page.
    Can anyone please suggest which Cisco Monitoring Tool will suit our requirement?
    Responses will be highly appreciated.
    Regards,
    Maazeem.

    Have you had a look at Cisco Prime Infrastructure?
    http://www.cisco.com/en/US/products/ps12239/index.html
    Are you looking only to monitor Cisco devices or other devices as well? There are other tools available also so it depends on your environment, budget etc.
    Daniel Dib
    CCIE #37149

  • Interactive Commands in NetConfig for Cisco ASA

    Hi,
    Maybe someone knows: does CiscoWorks LMS support this feature for Cisco ASA, or am I doing something wrong? I've sent the interactive command "copy tftp: flash: <R>ip_address<R>asa841-k8.bin<R><R>" to my ASA using the NetConfig tool and received the error "Command(s) failed on the device Insufficient no. of interactive responses(or timeout) for command: copy tftp: flash: ." For Cisco Catalyst it works fine. I have the latest version of CiscoWorks, 4.0.1.

    No, SWIM doesn't support ASDM upgrades, but what you're doing here is a system software upgrade.  What you might try doing is to increase the telnet timeout for this device.  Unfortunately, that feature is hidden in LMS 4.0, but see this document on how to do that:
    https://supportforums.cisco.com/docs/DOC-15162
    The document talks about inventory collection, but the interface to adjust the telnet timeout is in the same location as the SNMP timeout.  You'll want to time the transfer to know how long to make the timeout.

  • How we archive configuration for Cisco ASA 5500 series appliances

    Hi,
    We need to archive configuration for Cisco ASA 5500 series appliances.
    We have CiscoWorks LMS 3.0.1.
    Device package installed is 4.2
    Any help would be appreciated.
    Thanks in advance.
    Samir

    Hi ,
    Thanks for your answer.
    Right now we are using TACACS to log in to the ASA. That means we need a single username and password to log in via CiscoWorks. Am I correct?
    Waiting for your reply.
    thanks,
    Samir

  • Is it recommended to have a vulnerability scan for Cisco ASA device?

    Dear everyone. 
    I have a doubt about vulnerability scanning for Cisco ASA devices. Currently we have a vulnerability scan for network devices, including firewalls. But after running the vulnerability scan for the Cisco ASA, nothing showed up in the scan report.
    Is it recommended to have a vulnerability scan for Cisco ASA, and will it defeat the purpose of the firewall?

    Do I understand correctly that you are asking whether you can configure the ASA to allow an external user to run a scan against the internal network?
    If so, the answer is generally no. The ASA will, by default, not allow any inbound connections (or attempted connections) that are not explicitly allowed in an inbound access-list (applied to the outside interface). In most cases there would also need to be network address translation (NAT) rules configured.
    If you had a remote access VPN, you could allow the external scanner to log in via that. They would then have the necessary access to scan the internal systems (assuming the VPN granted access to all the internal networks).

  • Monitoring tools for db

    Hi
    Would like to get suggestions from everyone for the best monitoring tool for oracle db

    Oracle Enterprise Manager
    Kamran Agayev A. (10g OCP)
    http://kamranagayev.wordpress.com
    [Step by Step install Oracle on Linux and Automate the installation using Shell Script |http://kamranagayev.wordpress.com/2009/05/01/step-by-step-installing-oracle-database-10g-release-2-on-linux-centos-and-automate-the-installation-using-linux-shell-script/]

  • Wi-Fi Network Monitoring Tool for Palm OS 5.x

    Hi there..
    I'm trying to develop an 802.11b/g monitor tool for a Palm device (Tungsten C) using J2ME and it turns out to be pretty difficult or maybe even impossible.. meaning, I'm stuck. Since the J2ME VM is optimized for CLDC/MIDP enabled devices, it can't execute parts of the bytecode I used from jpcap. Same while trying to use libpcap with Java (using wrapper classes), it needs some of the J2SE classes which are not or partly supported by J2ME. So I was wondering whether you guys might have some suggestions to solve my problem (using Java)?
    Thanx & Greets from Switzerland, Mike.

    Any particular bytecode? Like maybe to do with doubles/floats? Or are Java classes required by libpcap missing? I'm guessing you need deeper access to the 802.11 libraries to do monitoring. All you'll have in MIDP is the 'http' connector protocol.

  • Is there any monitoring tool for web server and application server ?

    experts,
    I just want to know whether there is any monitoring utility used to monitor web server activities like threads, web console, session tracking and so on.
    I am using JBoss as my application server. If you can suggest any monitoring tool for JBoss, it would be helpful for me.

    You may use jConsole

  • DataGuard monitoring tool for NOC

    Hi,
    I'm looking for a dataguard monitoring tool for use in our NOC, I mean something operator/user friendly...

    If you have a Data Guard broker license, then your Enterprise Manager has all this information to give!
    If you don't have the license then Enterprise Manager will not have that.
    edit:
    on Enterprise Manager: database -> choose your database -> availability -> data guard (menu) -> Setup and manage -> asks you to use data guard broker (or not if your database is registered into data guard broker)

  • Monitoring tool for SunFire V210

    Hello,
    We are running a couple of SunFire V210. These servers are doing their job and we never have to touch them, this is the main reason why we have no expertise on these servers.
    One of the servers' indicators is actually yellow, so I reckon I must have some hardware issue with it. Is there any monitoring tool available on Solaris to perform a diagnostic (equivalent of Dell OpenManage on Dell servers)?
    Thanks a lot for your time.
    Fred

  • Monitoring tool for 10gAS

    Hi ,
    As my setup is running Oracle 10g Application Server on Red Hat Linux, I am looking for a monitoring tool to monitor my application server. Please suggest which tool is best for monitoring and administration.
    regards
    Syed

    There is no "best" monitoring tool for AS. It all depends on what your shop is using currently for monitoring of other servers / services. You could monitor your AS using AS Control, but it doesn't send you any alerts etc. OEM might be a good choice, but not if you have to install (and buy) it for one server etc. etc.

  • Managed Server Monitoring tools for WLS 8.1 on linux

    Our organization uses a set of locally written shell scripts to monitor the status of the managed servers in a WLS 8.1 domain installed on RedHat Linux 4, update4.
    The main monitoring script uses the output of the "ps" and "netstat" commands to determine the process-id, server name, and tcp ports used by each managed server.
    It is able to determine the name of the managed server by parsing the value of the "-Dweblogic.Name" parameter from the command line of the java command that launches the jvm that represents the managed server.
    When a managed server is started, the command line resembles the following:
    java \
    -DLotsofVariables \
    -classpath LotsofCpElements \
    -Djava.security.policy==PolicyFile \
    -Dweblogic.Name=NameOfMgdServer
    The maximum number of characters displayed by the "ps" command with the wide (-w) option is 4096.
    A recent addition to the class path has increased the length of the command line, resulting in the "NameOfMgdServer" being truncated.
    It now appears similar to the following:
    java \
    -DLotsofVariables \
    -classpath LotsofCpElements \
    -Djava.security.policy==PolicyFile \
    -Dweblogic.Name=NameO
    This breaks our monitoring script because it is looking for a managed server named "NameOfMgdServer", not "NameO".
    Each managed server is monitored by the WLS administration server and the local node manager.
    Is there a way to restructure or rewrite the command line used to launch the managed server java jvm such that the "-Dweblogic.Name=NameOfMgdServer" appears before the specification of the classpath?
    I can find no mention of the "-Dweblogic.Name" parameter on the "Remote Start" tab corresponding to each managed server, so it appears that WLS is building the java command line internally based on the contents of the config.xml file, before launching the managed server process.
    I've considered adding an additional parameter to the java command line preceding the specification of the classpath, simply to identify the identity of the managed server, but I don't like this type of hack.
    Perhaps someone else has developed a similar monitoring tool, and could provide some advice?
    Any feedback is appreciated
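
One way to make such a monitoring script notice the truncation instead of silently matching "NameO", as an added example that is not part of the original post. It assumes the arguments in /proc/<pid>/cmdline are cut at the same 4096 bytes the post reports for "ps -w"; the function names and the sample tree are hypothetical and constructed.

```shell
#!/usr/bin/env bash
# Added example, not the poster's script: read JVM arguments from a
# /proc-style tree and flag a -Dweblogic.Name value that may be cut short.
# ASSUMPTION: the visible command line is capped at 4096 bytes (figure from the post).
CMDLINE_CAP=4096

# Split a NUL-separated cmdline file into one argument per line.
cmdline_args() {
    tr '\0' '\n' < "$1"
}

# Print "<name> <status>" for one cmdline file. Status is:
#   ok         name found and the command line is below the cap
#   truncated  command line reached the cap and the name is the last thing
#              visible (or is missing entirely), so it cannot be trusted
#   none       no -Dweblogic.Name argument and no sign of truncation
weblogic_name_status() {
    local file="$1" size last name
    size=$(( $(wc -c < "$file") ))
    last=$(cmdline_args "$file" | sed -n '$p')
    name=$(cmdline_args "$file" | sed -n 's/^-Dweblogic\.Name=//p' | head -n 1)
    if [ -z "$name" ]; then
        if [ "$size" -ge "$CMDLINE_CAP" ]; then
            printf '%s\n' "- truncated"
        else
            printf '%s\n' "- none"
        fi
    elif [ "$size" -ge "$CMDLINE_CAP" ] && [ "$last" = "-Dweblogic.Name=$name" ]; then
        printf '%s %s\n' "$name" "truncated"
    else
        printf '%s %s\n' "$name" "ok"
    fi
}

# Walk a /proc-style tree and print "<pid> <name> <status>" for every
# process that is, or might be, a managed server.
list_managed_servers() {
    local proc_root="${1:-/proc}" dir result
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        result=$(weblogic_name_status "$dir/cmdline" 2>/dev/null) || continue
        case "$result" in
            "- none") ;;                                   # not a managed server
            *) printf '%s %s\n' "${dir##*/}" "$result" ;;
        esac
    done
    return 0
}

# Constructed sample tree (made-up pids, not real processes) for a dry run.
make_sample_proc() {
    local root pad
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/102" "$root/103"
    printf 'java\0-classpath\0a.jar\0-Dweblogic.Name=NameOfMgdServer\0' > "$root/101/cmdline"
    pad=$(head -c 4058 /dev/zero | tr '\0' 'a')   # long classpath pushes the name past the cap
    printf 'java\0-classpath\0%s\0-Dweblogic.Name=NameOfMgdServer\0' "$pad" |
        head -c "$CMDLINE_CAP" > "$root/102/cmdline"
    printf 'sshd\0-D\0' > "$root/103/cmdline"
    printf '%s\n' "$root"
}

case "${1:-}" in
    --demo) list_managed_servers "$(make_sample_proc)" ;;
    --scan) list_managed_servers /proc ;;
esac
```

A "truncated" status tells the caller to look the server up another way rather than report it as down.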

  • Manually start RADIUS, Authentication and groups for Cisco ASAs

    I am testing moving a 10.7 server to 10.8.
    We have used RADIUS to authenticate VPN traffic on our Cisco ASAs in the past.  In the past Server Admin allowed for our ASAs to be added manually to the list of devices using the service.  With Server Admin being removed and the limited functionality of automated addition of Airports to the system I have no GUI method to get our ASAs into the service.  The ability to tell RADIUS which groups are using the service is no longer available in the GUI as well.
    I have found the clients file in /etc/raddb and added our ASAs to the clients list.  I believe I have done this correctly in accordance with the instructions on the freeRADIUS website.
    I need help with:
    1- I was hoping someone knows how to manually tell RADIUS which groups are permitted to use the service.
    2- Can anyone tell me how to turn on RADIUS?  radiusconfig -start appears to only tell the system to keep it on after a restart if I understand the manual page.
    Thanks

    With David's suggestion I was able to get RADIUS running.  The following assumes that you are comfortable with Terminal and would be able to back up any files you edit.  Here is what I did to our fresh installation of 10.8 Server:
    1- In Terminal enter "sudo radiusd -Xx" which tries to turn RADIUS on and runs it with full logging of activity in the window.  The last line after this entry should be something similar to "Ready to process records."  In our new installation there were errors relating to "instantiating" sql and the ready message never came.
    2- In Terminal enter "sudo pico /etc/raddb/radiusd.conf" and authenticate as needed.  Scroll down in the file to the section where there are "instantiate" items.  I commented out the SQL setup, by putting a # before the line that says "sql".  Save the file by pressing Control-O, press return to save in the default location, and press Control-X to get out of the editor.  I redid step number 1 twice and eventually RADIUS was running.  Removing SQL from RADIUS will assure that problems will arise if you plan to use Server.app to add AirPorts to the network in the future.  OS X Server adds its clients in an SQL database according to the programming notes in the .conf files.  I will only be using our Cisco ASAs so SQL is not relevant to our setup.
    3- Testing the running RADIUS server was easy as well.  In Terminal enter "sudo pico /etc/raddb/users" and authenticate as needed.  This file contains details for users if you wanted to add them manually to the RADIUS server.  For testing purposes I removed the # before a line referring to a user "steve."  I had to get RADIUS restarted to take up the new information about Steve.  I killed the process using Activity Monitor and reran step number 1.
    4- In Terminal I opened a new tab and entered "sudo radtest steve testing localhost 0 testing123 -t".  You should get back a positive authentication message.  Switching back to the original tab will show the output of the RADIUS server.
    5- Reverse the entry in step 3 by adding back the # to comment out the line about steve in the users file.
    RADIUS is now running and authenticating against its own users file.
    Now we need to add our ASAs to the RADIUS server so it knows that it can authenticate for them.  In Terminal enter "sudo pico /etc/raddb/clients.conf".  We added lines for our ASAs, following the samples in the code.  The information in the lines we added included a generic name for each ASA or device needing RADIUS type authentication, its IP address, and the shared secret for device authentication.
    Following David's advice from above I created the RADIUS sacl by entering in Terminal "sudo dseditgroup -q -o create -u <admin user> -P <admin password> -n . com.apple.access_radius".  This created the sacl for the service.  Editing of the associated users and groups permitted to use the service was able to be done in Server.  Be sure to select from the View menu "Show system accounts".  Selecting "Groups" from the left margin of the Server window will show all of the SACLs along with any groups you have created.  The RADIUS sacl can then have groups and users added to it.
    To ensure that RADIUS is running and stays running enter the following in Terminal.  First, "sudo radiusd.conf" will start RADIUS without logging in the Terminal window.  Then, "sudo radiusconfig -start" to tell the system to keep it running and also run after a reboot.
    I made no changes to our ASA settings and found that I was able to authenticate the "Steve" user from the RADIUS test in the ASA.  I was also able to authenticate a user which had been added to the "Users" in Server.  It appears that the ASA will be permitted to authenticate Open Directory users without additional setup.
    I now need to set up our user groups to match those we use in our 10.7 server and add them to the RADIUS SACL and we should be set.
    Once I have everything running properly, I will add a post here to close this discussion.
    If anyone can shorten this procedure please let us know what you suggest.
    -Erich
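
A check for leftovers of the test steps described above (an active "steve" entry in the users file, the "testing123" sample secret in clients.conf), as an added example that is not part of the original post. It assumes the FreeRADIUS 2.x file layout the post edits; the function names, client names, addresses, secrets and the 16-character minimum are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit a raddb directory for
# leftovers of the test procedure before the server goes into service.
# ASSUMPTIONS: files "users" and "clients.conf" as in the post; the minimum
# secret length of 16 is an illustrative threshold, not a value from the post.

# Print "line:text" for every active (uncommented) steve entry in users.
active_test_users() {
    grep -nE '^"?steve"?[[:space:]]' "$1/users" || true
}

# Print "<client> <finding>" for each client block with a weak shared secret.
weak_client_secrets() {
    awk -v min="${2:-16}" '
        /^[ \t]*#/ { next }                               # skip comment lines
        /^[ \t]*client[ \t]/ { name = $2; sub(/[{].*/, "", name) }
        /^[ \t]*secret[ \t]*=/ {
            s = $0
            sub(/^[^=]*=[ \t]*/, "", s)                   # keep the value only
            if (s ~ /^"/) { sub(/^"/, "", s); sub(/".*$/, "", s) }
            else          { sub(/[ \t]*#.*$/, "", s); sub(/[ \t]+$/, "", s) }
            if (s == "testing123")    print name, "default-secret"
            else if (length(s) < min) print name, "short-secret"
        }
    ' "$1/clients.conf"
}

# Run both checks; return 1 if anything was found, 0 if the directory is clean.
audit_raddb() {
    local findings
    findings=$( { active_test_users "$1" | sed 's/^/users:/'
                  weak_client_secrets "$1" | sed 's/^/clients.conf: /'; } )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample directory (made-up client names, documentation addresses).
make_sample_raddb() {
    local dir
    dir=$(mktemp -d)
    printf '%s\n' '#bob  Cleartext-Password := "hello"' \
                  'steve  Cleartext-Password := "testing"' > "$dir/users"
    cat > "$dir/clients.conf" <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client asa-fw1 {
    ipaddr = 192.0.2.10
    secret = "Xq7#pL2vR9sT4wZ8kM3n"   # constructed value
}
client asa-fw2 {
    ipaddr = 192.0.2.11
    secret = cisco
}
EOF
    printf '%s\n' "$dir"
}

if [ "${1:-}" = "--demo" ]; then audit_raddb "$(make_sample_raddb)"; fi
```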

  • Can anyone provide me details and fix for Shell Shock vulnerability for Cisco ASA version 5?

    We came to know from our compliance team that we are running into the Shell Shock vulnerability, therefore we wanted to know the fix and document.

    Hi James,
    We do have a PSIRT filed for shell shock vulnerability, please refer details below:
    CSCur00511    ACS evaluation for CVE-2014-6271 and CVE-2014-7169
    https://tools.cisco.com/bugsearch/bug/CSCur00511/?reffering_site=dumpcr
    Here is the fixed code information for individual versions:
    Fixed Code:
    Patch for DDTS CSCur00511 is ready and available on CCO.
    The patch is included in all cumulative patches from version 5.4.0.46.7/5.5.0.46.6/5.6.0.22.1 and later. We recommend that you download the latest cumulative patches.
    Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
    Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.4 / 5.4.0.46.0
    Patch filename: 5-4-0-46-.tar.gpg
    Readme and installation instructions: Acs-5-4-0-46--Readme.txt
    Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
    Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.5 / 5.5.0.46
    Patch filename: 5-5-0-46-.tar.gpg
    Readme and installation instructions: Acs-5-5-0-46--Readme.txt
    Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
    Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.6 / 5.6.0.22
    Patch filename: 5-6-0-22-.tar.gpg
    Readme and installation instructions: Acs-5-6-0-22--Readme.txt
    Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
    Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.3 / 5.3.0.40
    Patch filename: 5-3-0-40-.tar.gpg
    Readme and installation instructions: Acs-53-Readme.txt
    Regards,
    Tushar Bangia
    Please do rate the post if you find it helpful!!

  • Reporting (Monitoring) Tool for CUCM 8.6

    Hi ,
    I am looking for a reporting or statistics tool for CUCM 8.6, or better, a monitoring tool.
    Our main concern is that we would like to monitor the lines, the phones, calls (in and out), count of calls, etc., not only in print but also on a dashboard.
    Could you recommend a program from your experience?
    Thanks for your support
    Homayoun

    Here's a quick summary of what to do to view the number of registered phones per subscriber. There's lots more detail on all the available parameters in the docs from that link I gave above.
    Open RTMT and select the Default profile. From the left hand window, select the "Performance" option.
    This will open the Performance screen. Pick one subscriber from the list of nodes, expand it out, and then expand out the "Cisco CallManager" branch. Select and drag the Registered HardwarePhones option to one of the six blank squares. (You can adjust the divider to make reading the labels easier - but selecting the divider isn't always easy.) You can repeat for all your other subscribers.
    You can add extra tabs by selecting Edit (From the top-level menu bar) -> New Category.
    GTG
