
Configuring Cisco pix traffic reports

Support, Questions and Discussions on MonitorWare Console

Moderator: alorbach


Postby rvtim » Tue May 18, 2004 5:55 pm

Hello
I have successfully installed MonitorWare and WinSyslog.
The logs are filling up fine.
However, only a few reports work (the "Who is attacking me" report and the blocked port report).
The traffic reports stay empty.
Did I miss something on the PIX in order to send traffic info?

thank you !
rvtim
 

Postby wrehman » Wed May 19, 2004 9:26 am

Hi,

You are using log files for the generation of reports. Please check the following:

1. Check if the write to file action has been correctly configured. This is required because console expects a certain log file format to generate the reports
http://www.mwconsole.com/en/Manual/Curr ... module.htm

2. Please select the correct parser for the generation of reports (if you are interested in PIX reports, then select the PIX parser before generating it)

3. Check if you give correct log file path and log file prefix before generating a report.

4. Do you apply any filters that don't return any records?

5. Please list down the names of the reports that are generated as empty reports.

6. Generate a report that is empty. After its generation, go to the Windows event log and see what error message(s), if any, are logged in the application event log by MonitorWare Console.

I will be waiting for your reply.

Best Regards
Wajih-ur-Rehman
Adiscon
wrehman
Adiscon Support
 
Posts: 75
Joined: Tue Mar 18, 2003 9:30 am

PIX reports

Postby ajsingh » Tue Aug 31, 2004 3:15 am

I have the same problem. NO event log, but all of the reports are blank.

Any suggestions? I did the above-mentioned steps but there was no change.
ajsingh
 

Problems with PIX traffic reports (PIX software release 6.3)

Postby Danil Kubrakov » Mon Feb 14, 2005 8:49 am

Hello !

We have successfully installed WinSyslog 6.3 to write PIX messages to the standard database (sample.mdb).
Settings were made according to instructions.

We use Console version 2.1.

The following reports do not work: Possible Attacks Report, Traffic By Hour Report, Traffic by Port Report, Outbound Traffic By IP, Traffic By Target IP.

The other reports work properly (Accessed Web Sites Report, PIX Summary by Message Type, Who is Attacking Me Report, PIX Summary By Severity Level, Blocked Ports Activity Report).

Possibly the problem is a divergence in message numbers. Going by the document "Transformation Rules for PIX Summary By Severity Level", some messages in version 6.3 have a different number: PIX-6-302002 = PIX-6-302014 (6.3), PIX-6-302005 = PIX-6-302015 (6.3), PIX-6-302006 = PIX-6-302016 (6.3), PIX-3-106011 = PIX-7-106011 (6.3).

Can you correct this situation?
Thank you, I'll be waiting for answer.
Danil Kubrakov
 

Postby wrehman » Mon Feb 14, 2005 10:38 am

Hello,

This is the problem then, because the report is only generated for the specific event IDs of PIX. In fact, those event IDs go in the WHERE clause. If the database or the file doesn't contain any of the event IDs that are used in the report, then it will not generate the report. I will discuss this issue with the development team and will inform you about this.

regards
Wajih
Adiscon
wrehman
Adiscon Support
 
Posts: 75
Joined: Tue Mar 18, 2003 9:30 am
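
The mismatch discussed in the two posts above can be checked directly against a log before blaming the PIX or WinSyslog configuration. The following is an added example, not part of the original posts and not Adiscon code: it counts `%PIX-<severity>-<id>` tags and flags each case where a filter on the old ID matches nothing although the 6.3 ID is present. The ID pairs are the ones listed in the thread; the log line layout and the sample lines are constructed.

```python
import re
from collections import Counter

# Message-ID changes as reported in the thread: pre-6.3 -> PIX 6.3.
# Keys and values are (severity, message number).
RENUMBERED_IN_63 = {
    (6, 302002): (6, 302014),
    (6, 302005): (6, 302015),
    (6, 302006): (6, 302016),
    (3, 106011): (7, 106011),
}

# Only the %PIX-sev-id tag is parsed; the rest of the line is ignored,
# so the timestamp/source layout of the log file does not matter here.
PIX_TAG = re.compile(r"%PIX-(\d)-(\d{6}):")

# Constructed sample lines (documentation IP ranges, assumed line layout).
SAMPLE_LOG = [
    "2005-02-14 08:40:01 192.0.2.1 %PIX-6-302014: Teardown TCP connection 101 bytes 4200",
    "2005-02-14 08:40:02 192.0.2.1 %PIX-6-302015: Built outbound UDP connection 102",
    "2005-02-14 08:40:03 192.0.2.1 %PIX-6-302016: Teardown UDP connection 102 bytes 120",
    "2005-02-14 08:40:04 192.0.2.1 %PIX-7-106011: Deny inbound (No xlate) udp src outside",
    "2005-02-14 08:40:05 192.0.2.1 %PIX-6-302014: Teardown TCP connection 103 bytes 900",
    "2005-02-14 08:40:06 192.0.2.1 line without a PIX tag is skipped",
]

def fmt(key):
    """Render a (severity, number) pair in the thread's PIX-6-302014 style."""
    return "PIX-%d-%06d" % key

def count_ids(lines):
    """Count occurrences of each (severity, message number) pair."""
    counts = Counter()
    for line in lines:
        m = PIX_TAG.search(line)
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
    return counts

def diagnose(lines):
    """Per renumbered ID: old/new record counts, and whether a report
    filtering only on the old ID would be empty despite data being there."""
    counts = count_ids(lines)
    return {
        fmt(old): {
            "old_count": counts[old],
            "new_id": fmt(new),
            "new_count": counts[new],
            "old_filter_misses_data": counts[old] == 0 and counts[new] > 0,
        }
        for old, new in RENUMBERED_IN_63.items()
    }
```

If `old_filter_misses_data` is true for the IDs a report depends on, the empty report is explained by the ID filter and not by missing traffic logging.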

Re: Problems with PIX traffic reports (PIX software release

Postby Guest » Thu Mar 24, 2005 6:31 am

Danil Kubrakov wrote: Hello!

We have successfully installed WinSyslog 6.3 to write PIX messages to the standard database (sample.mdb).
Settings were made according to instructions.

We use Console version 2.1.

The following reports do not work: Possible Attacks Report, Traffic By Hour Report, Traffic by Port Report, Outbound Traffic By IP, Traffic By Target IP.

The other reports work properly (Accessed Web Sites Report, PIX Summary by Message Type, Who is Attacking Me Report, PIX Summary By Severity Level, Blocked Ports Activity Report).


I am having exactly the same problem & the same reports don't work for me either. I am also logging to a database but have the same result when logging to a file, even though I have made sure it is in Pix format etc.

I am currently trialing this software. What needs to be done to fix this so we can purchase it?
Guest
 

Changes in the PIX reports format

Postby Anonymous » Thu Mar 24, 2005 9:38 am

Dear All,

I have looked into this matter since it was identified for the first time. I am working on this. PIX file formats have changed for the 6.3 version and I am updating those reports for you people.

The good news is that the updated reports shall soon be updated and will be available for everyone. They are currently under testing and will be available on the web by next week.


Regards,

Tayyab Arif
Adiscon Support Team
Anonymous
 

Cisco PIX traffic reports now updated and are available

Postby Anonymous » Tue Apr 05, 2005 6:16 am

This is to inform you all that Cisco PIX reports are now available. Please follow the link below:

http://www.adiscon.org/download/updated_cisco_pix_traffic_reports.zip

Please let us know about your comments and further requirements.

Regards,

Tayyab Arif
Anonymous
 

Re: Cisco PIX traffic reports now updated and are available

Postby Guest » Mon Apr 11, 2005 7:10 am

tarif wrote: This is to inform you all that Cisco PIX reports are now available


Still evaluating the software & currently using the Access DB. I have downloaded the new reports & the Traffic x Hour certainly now works. Traffic x Port seems to take a very long time & a high amount of CPU & RAM to run, even when restricted to one day. Is that to be expected?

TJ
Guest
 

Thank you TJ

Postby Anonymous » Mon Apr 11, 2005 7:52 am

Dear TJ,

Thank you for testing our reports. Yes, I have got some feedback on the Traffic by Port report and its performance issues. I think there may be some compression issues that I need to look at.

One quick question to clarify a bit. Was the Traffic by Port report completely executed, or was it halted in between? Did you see the browser opening and showing the report after a very long time?

Thank you very much

Regards,
Tayyab Arif
Anonymous
 

Re: Thank you TJ

Postby Guest » Tue Apr 12, 2005 4:04 am

tarif wrote: One quick question to clarify a bit. Was the Traffic by Port report completely executed, or was it halted in between? Did you see the browser opening and showing the report after a very long time?


Not quite sure what you mean there. I selected a date of 1/04 in the Upper Value and Lower Value fields, then clicked "Generate Report". The Monitorware Console is then busy for several hours & the Report eventually pops up in a Web page.

Actually I don't think I applied a filter to it at all. Just trying to work out now how I can filter the traffic x port report on a selected day only, which is really what we are interested in.
Guest
 

Postby Guest » Tue Apr 12, 2005 4:37 am

So what I really need is the traffic report x port with the ability to select a date range. We have some intermittently extremely high internet usage going on & I need to be able to isolate the ports in use for a particular date range, often only 1 day but sometimes over a greater period.

Any way I can do that? The filters for "ReceivedAt" and "DeviceReportedTime" that I can add are very limited & inflexible.

TJ
Guest
 
