Velocity Reviews - Computer Hardware Reviews

SNMP dest ip:port monitoring and alarm w/4000 router?

 
 
joeblow
      06-07-2004
Is it possible (using SNMP maybe?) to monitor traffic coming into a
4000 router and to ensure that traffic for a certain IP address(es) and
dest port(s) is present and to send an event, or
make a syslog entry or something when that dest-ip:dest-port traffic
ceases?

thanks
 
 
 
 
 
Walter Roberson
 
      06-08-2004
joeblow wrote:
:Is it possible (using SNMP maybe?) to monitor traffic coming into a
:4000 router and to ensure that traffic for a certain IP address(es) and
:dest port(s) is present and to send an event, or
:make a syslog entry or something when that dest-ip:dest-port traffic
:ceases?

I don't believe you can do that using SNMP.

You might be able to work something out around analyzing netflow
logs.

You could put a 'permit...log' ACL entry in for the desired traffic,
and have your syslog server generate an alarm if one of the
regular traffic summaries for that entry did not show up. That could
take 5 minutes (by default), but the timing is adjustable.

What you -probably- should be doing is SPAN'ing the traffic
to an IDS-type tool (even if only home grown). I do not know at
the moment whether the 4000 supports SPAN.

--
The image data is transmitted back to Earth at the speed of light
and usually at 12 bits per pixel.
 
 
 
 
 
AnyBody43
 
      06-10-2004
Walter Roberson wrote:
> joeblow wrote:
> :Is it possible (using SNMP maybe?) to monitor traffic coming into a
> :4000 router and to ensure that traffic for a certain IP address(es) and
> :dest port(s) is present and to send an event, or
> :make a syslog entry or something when that dest-ip:dest-port traffic
> :ceases?
>
> I don't believe you can do that using SNMP.
>
> You might be able to work something out around analyzing netflow
> logs.
>
> You could put a 'permit...log' ACL entry in for the desired traffic,
> and have your syslog server generate an alarm if one of the
> regular traffic summaries for that entry did not show up. That could
> take 5 minutes (by default), but the timing is adjustable.
>
> What you -probably- should be doing is SPAN'ing the traffic
> to an IDS-type tool (even if only home grown). I do not know at
> the moment whether the 4000 supports SPAN.


A home grown monitor would most likely be easy in perl using
windump (and winpcap).

VBscript or any development system that allows external commands to
be run and the output read by the program would be suitable.
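
Added example, not part of any post in this thread: one way to implement the syslog-side alarm for the 'permit...log' ACL approach Walter Roberson describes, in Python. It assumes the ACL hits reach the syslog server as IOS %SEC-6-IPACCESSLOGP messages; the host name, ACL number, addresses, receive times and the 600-second threshold are constructed for illustration.

```python
import re

# IOS logs hits on a TCP/UDP ACL entry that ends in "log" as %SEC-6-IPACCESSLOGP.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) permitted (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

def find_silences(events, watched, start, end, max_gap=600):
    """Return (flow, silent_from, silent_until) for every gap longer than max_gap.

    events  -- (receive_time_in_seconds, syslog_line) pairs in time order
    watched -- set of (dest_ip, dest_port) pairs that must keep showing up
    max_gap -- assumed threshold: two of the default 5-minute summaries
    """
    last_seen = {flow: start for flow in watched}
    alarms = []
    for ts, line in events:
        m = ACL_LOG.search(line)
        if not m:
            continue  # not an ACL log message
        flow = (m["dst"], int(m["dport"]))
        if flow not in last_seen:
            continue  # logged, but not a flow we are watching
        if ts - last_seen[flow] > max_gap:
            alarms.append((flow, last_seen[flow], ts))  # traffic resumed after a gap
        last_seen[flow] = ts
    for flow, seen in sorted(last_seen.items()):
        if end - seen > max_gap:
            alarms.append((flow, seen, end))  # still silent when the window closes
    return alarms

# Constructed sample: collector receive times (seconds) and message text.
PREFIX = "gw1 %SEC-6-IPACCESSLOGP: list 101 permitted "
SAMPLE = [
    (0, PREFIX + "tcp 198.51.100.7(40112) -> 192.0.2.10(25), 1 packet"),
    (300, PREFIX + "tcp 198.51.100.7(40112) -> 192.0.2.10(25), 42 packets"),
    (300, PREFIX + "udp 198.51.100.9(5353) -> 192.0.2.20(514), 1 packet"),
    (600, PREFIX + "tcp 198.51.100.7(40112) -> 192.0.2.10(25), 37 packets"),
    (1500, PREFIX + "tcp 198.51.100.8(40990) -> 192.0.2.10(25), 3 packets"),
]
WATCHED = {("192.0.2.10", 25), ("192.0.2.20", 514)}

if __name__ == "__main__":
    for flow, since, until in find_silences(SAMPLE, WATCHED, 0, 1800):
        print("ALARM no traffic to %s:%d from t=%d to t=%d" % (*flow, since, until))
```

Syslog sent over UDP can lose messages, which is why the threshold here tolerates one missed summary before raising an alarm.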
 