Creating an Alert Profile with Exclusions.
Currently I use both KiwiSyslog and The FW Analyzer for parsing of the PIX syslog messages. I am trying to create a rule on the FW Analyzer that will allow me to monitor Login Events that are generated from specific hosts. I am able to create a rule that will alert me of all login attempts. However, I need to create one that will exclude specific hosts from the alert.
We have a script that runs on one of our servers that automatically logs into our devices to download configs every hour using ssh or telnet. I don't want alerts to be generated and emailed to me when this host connects to the PIX. I want to exclude it from the alert profile. KiwiSyslog allows me to do this and works like a charm.
The syslog message generated for this event is:
%PIX-6-605005: Login permitted from 10.0.0.25/45527 to inside:10.0.0.2/telnet for user ""
In KiwiSyslog you can create a rule with exclusions.
How can I create a rule that will allow me to do so?
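The exclusion logic the post describes, as an added example that is not part of the original post and is not Firewall Analyzer or Kiwi Syslog configuration: it parses the 605005 message quoted above and suppresses the alert only for an exact source address on the expected services. The exclusion list, function names and all sample lines except the first are assumptions made for illustration.

```python
import ipaddress
import re

# Matches the PIX 605005 "Login permitted" message format quoted in the post.
LOGIN_RE = re.compile(
    r'%PIX-6-605005: Login permitted from (?P<src>[\d.]+)/(?P<sport>\d+) '
    r'to (?P<iface>[^:\s]+):(?P<dst>[\d.]+)/(?P<service>\S+) '
    r'for user "(?P<user>[^"]*)"'
)

# Assumption: the config-backup host is the source address in the post's sample.
EXCLUDED_SOURCES = [ipaddress.ip_network("10.0.0.25/32")]
# The post says the script uses ssh or telnet; anything else still alerts.
EXCLUDED_SERVICES = {"ssh", "telnet"}


def parse_login(line):
    """Return the fields of a 605005 message as a dict, or None if not one."""
    m = LOGIN_RE.search(line)
    return m.groupdict() if m else None


def should_alert(line):
    """True for login events, unless from an excluded host on an expected service."""
    event = parse_login(line)
    if event is None:
        return False  # not a login event; outside this rule's scope
    try:
        src = ipaddress.ip_address(event["src"])
    except ValueError:
        return True  # malformed source address: alert rather than drop
    # Compare parsed addresses, not substrings: "10.0.0.25" must not
    # also silence 10.0.0.250 or 10.0.0.251.
    excluded = any(src in net for net in EXCLUDED_SOURCES)
    return not (excluded and event["service"] in EXCLUDED_SERVICES)


# Constructed sample lines; only the first is taken from the post.
SAMPLE = [
    '%PIX-6-605005: Login permitted from 10.0.0.25/45527 to inside:10.0.0.2/telnet for user ""',
    '%PIX-6-605005: Login permitted from 10.0.0.77/51234 to inside:10.0.0.2/ssh for user "admin"',
    '%PIX-6-605005: Login permitted from 10.0.0.250/40000 to inside:10.0.0.2/telnet for user ""',
    '%PIX-6-302013: Built outbound TCP connection (constructed filler line)',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print("ALERT" if should_alert(line) else "skip ", line)
```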