Monitor ASA firewall logs for deny statements

Posted: Wed Nov 05, 2014 12:30 pm
by tfgroup
Hello,
Is there a way to monitor firewall logs and report if there are more than 20 deny statements within 30 seconds? This is to respond to DDoS attacks.
Thanks!

Re: Monitor ASA firewall logs for deny statements

Posted: Wed Nov 05, 2014 3:47 pm
by sreinhardt
You could look at traps that your ASA supports, depending on license level, last I checked. Another option that would be better suited than XI is to use log server to collect your ASA logs and alert to XI based on that. Enabling the specific firewall logs or all logs should provide this information for you.
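
The threshold asked about in this thread (more than 20 deny messages within 30 seconds), sketched as a sliding-window check over collected ASA syslog lines. This is an added example, not part of the original posts and not Nagios XI or log server configuration; the timestamp layout, the host name `fw01`, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed line shape (ASA "logging timestamp" style):
#   "Nov 05 2014 12:30:00 fw01 : %ASA-4-106023: Deny tcp src ..."
DENY_RE = re.compile(r"^(\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) .*?%ASA-\d-\d{6}: Deny\b")

def deny_bursts(lines, threshold=20, window=timedelta(seconds=30)):
    """Return one (first_ts, last_ts, count) tuple per burst of more than
    `threshold` deny messages inside `window`. Lines must be in time order."""
    recent, alerts, alerting = deque(), [], False
    for line in lines:
        m = DENY_RE.match(line)
        if not m:
            continue  # built/teardown and other non-deny messages
        ts = datetime.strptime(" ".join(m.group(1).split()), "%b %d %Y %H:%M:%S")
        recent.append(ts)
        while ts - recent[0] > window:  # evict denies older than the window
            recent.popleft()
        if len(recent) <= threshold:
            alerting = False
        elif not alerting:  # edge-triggered: one alert per burst
            alerts.append((recent[0], ts, len(recent)))
            alerting = True
    return alerts

def sample_log():
    """Constructed sample: 5 sparse denies, 1 permitted connection, 25-deny burst."""
    deny = ('%ASA-4-106023: Deny tcp src outside:192.0.2.10/4444 '
            'dst inside:198.51.100.5/22 by access-group "outside_in"')
    built = ("%ASA-6-302013: Built inbound TCP connection 1001 for "
             "outside:192.0.2.20/5555 (192.0.2.20/5555) to "
             "inside:198.51.100.5/443 (198.51.100.5/443)")
    t0 = datetime(2014, 11, 5, 12, 0, 0)
    events = [(t0 + timedelta(minutes=i), deny) for i in range(5)]
    events.append((t0 + timedelta(minutes=5), built))
    events += [(t0 + timedelta(minutes=30, seconds=i), deny) for i in range(25)]
    return [f"{ts:%b %d %Y %H:%M:%S} fw01 : {msg}" for ts, msg in events]

if __name__ == "__main__":
    for first, last, count in deny_bursts(sample_log()):
        print(f"ALERT: {count} denies between {first} and {last}")
```

The alert is edge-triggered, so a sustained flood raises one notification when the 21st deny lands inside the window rather than one per log line.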