  1. Member
    Join Date
    Dec 2012
    Posts
    41
    #1

    How to Monitor my Network

    I have configured my Cisco 2911 router for a zone-based firewall. Initially there was a proprietary firewall in the router's place, and when someone tried some ambiguous activity we got warning alerts through emails indicating what and who tried to compromise the network and what action was taken (i.e. attacker's IP was blocked), but I don't know if there is any way that I can monitor my router traffic if it is compromised, i.e. if someone tries to hack into my network I get a notification via email or something of that sort.
    Would appreciate some help towards achieving this.

  3. Senior Member
    Join Date
    Feb 2012
    Posts
    604
    #2
    I also have the 2911. You can use CCP to set up logging and sending traps to an SNMP server (I don't know the line commands for this). At which point you can set up an e-mail to react to such a trap. You can also use CCP to monitor the router itself.

    I do not know if you can send an email from within IOS itself.

  4. Senior Member SteveO86
    Join Date
    Oct 2010
    Location
    FL
    Posts
    1,405

    Certifications
    CCNP, CCIP, CCDP, CCNP: Security/Data Center, CCNA Wireless, CWNA, WCNA
    #3
    You can set up logging on the router to send ACL hits to a syslog server. There are a couple of different free options.

    You can also configure NetFlow to get a real-time view of the traffic going through the router.

    As far as alerting when someone attempts to hack into your network, it's slightly more complicated than that.

  5. Random Member docrice
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #4
    For near real-time alerting, set logging traps at informational level and use Swatch on your syslog for key events. You'll need to tweak that over time.

  6. Senior Member
    Join Date
    Aug 2009
    Posts
    250

    Certifications
    CCNP R/S, CCNA Wireless, BCNP, BCNE, SCP, A+, N+
    #5
    I'd get a real monitoring solution. I prefer SolarWinds NPM, but there are tons of viable options. Yes, you can monitor quite a lot through command line and relay, but that solution doesn't scale and is a huge chore to do on every device. There are much better solutions out there.
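
The syslog approach from posts #3 and #4 (ACL hits sent to a syslog server, then pattern matching on key events), as an added example that is not from any poster in this thread: a small Python watcher, standing in for Swatch, that counts `%SEC-6-IPACCESSLOGP` denies per source address and builds one throttled e-mail alert. The log lines, the hostname `rtr1`, the thresholds, the year and the e-mail addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from email.message import EmailMessage

# Constructed sample syslog lines (IOS ACL-logging message %SEC-6-IPACCESSLOGP).
SAMPLE_LOG = """\
Jan 10 09:00:01 rtr1 %SEC-6-IPACCESSLOGP: list 110 denied tcp 203.0.113.7(40001) -> 198.51.100.10(22), 1 packet
Jan 10 09:00:03 rtr1 %SEC-6-IPACCESSLOGP: list 110 denied tcp 203.0.113.7(40002) -> 198.51.100.10(23), 1 packet
Jan 10 09:00:04 rtr1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Jan 10 09:00:05 rtr1 %SEC-6-IPACCESSLOGP: list 110 denied tcp 203.0.113.7(40003) -> 198.51.100.10(80), 1 packet
Jan 10 09:00:06 rtr1 %SEC-6-IPACCESSLOGP: list 110 denied udp 192.0.2.99(5353) -> 198.51.100.10(53), 1 packet
Jan 10 09:00:07 rtr1 %SEC-6-IPACCESSLOGP: list 110 denied tcp 203.0.113.7(40004) -> 198.51.100.10(443), 1 packet
Jan 10 09:00:09 rtr1 %SEC-6-IPACCESSLOGP: list 110 denied tcp 203.0.113.7(40005) -> 198.51.100.10(3389), 1 packet
Jan 10 09:00:12 rtr1 %SEC-6-IPACCESSLOGP: list 110 denied tcp 203.0.113.7(40006) -> 198.51.100.10(8080), 1 packet
"""

DENY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) .*?%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) "
    r"denied \w+ (?P<src>[\d.]+)\(\d+\) -> [\d.]+\((?P<dport>\d+)\)")
WINDOW = timedelta(seconds=60)     # look-back period per source (assumed value)
THRESHOLD = 5                      # denies inside WINDOW that raise an alert
THROTTLE = timedelta(minutes=10)   # minimum gap between alerts for one source

def scan(lines, year=2013):  # syslog timestamps carry no year; 2013 is assumed
    recent, last_alert, alerts = defaultdict(deque), {}, []
    for line in lines:
        m = DENY.search(line)
        if not m:
            continue  # not an ACL deny (e.g. interface up/down)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append((ts, int(m["dport"])))
        while ts - q[0][0] > WINDOW:  # drop hits older than the window
            q.popleft()
        throttled = ts - last_alert.get(m["src"], datetime.min) < THROTTLE
        if len(q) >= THRESHOLD and not throttled:
            last_alert[m["src"]] = ts
            alerts.append({"time": ts, "router": m["host"], "src": m["src"],
                           "hits": len(q), "ports": sorted({p for _, p in q})})
    return alerts

def to_email(alert, sender="router-alerts@example.com", rcpt="netops@example.com"):
    msg = EmailMessage()  # addresses above are placeholders
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"[{alert['router']}] {alert['hits']} ACL denies from {alert['src']}"
    msg.set_content(f"Window ending {alert['time']}; destination ports {alert['ports']}")
    return msg  # deliver with smtplib.SMTP(host).send_message(msg)
```

Feed `scan()` the lines your syslog server writes for the router; the regular expression will need adjusting to that server's actual line prefix.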
