Monitor ASA firewall logs for deny statements

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
tfgroup
Posts: 13
Joined: Mon Apr 07, 2014 8:56 am

Monitor ASA firewall logs for deny statements

Post by tfgroup »

Hello,
Is there a way to monitor firewall logs and report if there are more than 20 deny statements within 30 seconds? This is to respond to DDoS attacks.
Thanks!
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: Monitor ASA firewall logs for deny statements

Post by sreinhardt »

You could look at traps that your ASA supports, depending on license level, last I checked. Another option that would be better suited than XI is to use log server to collect your ASA logs and alert to XI based on that. Enabling the specific firewall logs or all logs should provide this information for you.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
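
The threshold asked about in this thread (more than 20 deny statements within 30 seconds), as an added example that is not part of the original posts or of any Nagios product. It assumes ASA syslog lines in chronological order with timestamps in `Mon DD YYYY HH:MM:SS` form; the function names and the sample log lines are constructed for illustration.

```python
import re
import sys
from collections import deque
from datetime import datetime, timedelta

# Assumed layout: ASA syslog with timestamps enabled, in chronological order, e.g.
#   Apr 07 2014 08:56:01: %ASA-4-106023: Deny tcp src outside:... dst inside:...
DENY_RE = re.compile(r"^(\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}).*?%ASA-\d-\d{6}: Deny\b")
OK, CRITICAL = 0, 2  # Nagios plugin return codes


def peak_denies(lines, window_s=30):
    """Largest number of Deny messages falling inside any window_s-second span."""
    span, window, peak = timedelta(seconds=window_s), deque(), 0
    for line in lines:
        m = DENY_RE.match(line)
        if not m:
            continue  # permits, connection builds, unparseable lines
        ts = datetime.strptime(" ".join(m.group(1).split()), "%b %d %Y %H:%M:%S")
        window.append(ts)
        while ts - window[0] >= span:  # drop events that fell out of the window
            window.popleft()
        peak = max(peak, len(window))
    return peak


def check(lines, threshold=20, window_s=30):
    """Return (nagios_state, status_line); CRITICAL when the peak exceeds threshold."""
    peak = peak_denies(lines, window_s)
    state = CRITICAL if peak > threshold else OK
    label = "CRITICAL" if state == CRITICAL else "OK"
    return state, f"{label} - peak {peak} denies in {window_s}s | peak_denies={peak};;{threshold}"


def constructed_log(count, step_s):
    """Constructed sample lines (not real traffic): count denies, step_s seconds apart."""
    t0 = datetime(2014, 4, 7, 8, 56, 0)
    lines = ["Apr 07 2014 08:55:59: %ASA-6-302013: Built inbound TCP connection (constructed)"]
    for i in range(count):
        ts = (t0 + timedelta(seconds=i * step_s)).strftime("%b %d %Y %H:%M:%S")
        lines.append(f'{ts}: %ASA-4-106023: Deny tcp src outside:203.0.113.5/{40000 + i} '
                     f'dst inside:192.0.2.10/80 by access-group "outside_in" [0x0, 0x0]')
    return lines


if __name__ == "__main__":
    # Pipe a log in on stdin to check it; with no piped input, use the constructed burst.
    lines = constructed_log(25, 1) if sys.stdin.isatty() else sys.stdin
    state, message = check(lines)
    print(message)
    sys.exit(state)
```

The exit status follows the Nagios plugin convention, so the script can be wired in as a check command against whatever file or collector receives the ASA syslog stream.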