Log Analysis

Daily-Syslog-Extracts consults a configuration file, pokes through yesterday's syslog, and mails whatever has survived to interested parties.

Examine-IPS-Logs pokes through yesterday's syslog, extracting Tipping Point messages and looking for *outbound* blocked events, i.e. internally infected hosts which are attempting to phone home to the mothership or are launching attacks. It sends mail to recipients according to subnets (i.e. a given recipient can register interest in infected hosts living on specific subnets).

Troubled-Interface-Report consults a configuration file, pokes through yesterday's syslog looking for Cisco Catalyst messages specific to interfaces, and mails the result to interested parties. Possible issues include: rogue DHCP servers, excessive link up/down events, invalid source MAC addresses, excessive MAC address movement between ports.
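The core of what Examine-IPS-Logs does, as an added illustration rather than the author's own script: pick out IPS block events whose *source* is an internal host (the infected-host case) and route them to whichever recipient registered the host's subnet. The syslog lines, the key=value message format, the internal ranges and the recipient registry are all constructed assumptions here, not the real Tipping Point format or any site's configuration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample syslog extract in a simplified, hypothetical IPS message
# format (assumed fields: action, src, dst, name); not real TippingPoint output.
SAMPLE_SYSLOG = """\
Aug 17 03:12:01 ips01 tpt: action=Block src=10.1.5.23 dst=203.0.113.9 name=Bot.Callback
Aug 17 03:15:44 ips01 tpt: action=Block src=198.51.100.7 dst=10.2.8.4 name=Scan.PortSweep
Aug 17 04:02:10 ips01 tpt: action=Permit src=10.1.5.23 dst=203.0.113.9 name=HTTP.Normal
Aug 17 05:40:30 ips01 tpt: action=Block src=10.2.8.4 dst=192.0.2.55 name=Worm.Spread
Aug 17 06:01:02 sw01 %LINK-3-UPDOWN: Interface Gi1/0/1, changed state to down
"""

# Assumed internal address space; an outbound event is internal src -> external dst.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]

# Assumed recipient registry: each recipient lists the subnets they want to hear about.
RECIPIENTS = {
    "netops@example.org": [ipaddress.ip_network("10.1.0.0/16")],
    "labs@example.org": [ipaddress.ip_network("10.2.0.0/16")],
}

LINE_RE = re.compile(r"tpt: action=(\w+) src=(\S+) dst=(\S+) name=(\S+)")

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def outbound_blocks(text):
    """Return (src, dst, signature) for blocked events sourced from an internal host."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.search(line)  # non-IPS lines (e.g. switch messages) are skipped
        if not m:
            continue
        action, src, dst, name = m.groups()
        if action == "Block" and is_internal(src) and not is_internal(dst):
            hits.append((src, dst, name))
    return hits

def route_to_recipients(hits):
    """Group infected-host events by the recipient registered for the host's subnet."""
    out = defaultdict(list)
    for src, dst, name in hits:
        addr = ipaddress.ip_address(src)
        for rcpt, nets in RECIPIENTS.items():
            if any(addr in n for n in nets):
                out[rcpt].append(f"{src} -> {dst} ({name})")
    return dict(out)
```

The inbound block (external source) and the Permit line are deliberately left out, since only internally sourced blocks indicate a compromised host worth paging someone about.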
Prepared by: Stuart Kendrick
Last modified: 18-August-2010