You need administrative privileges on each of the machines, both for installation
and for configuration. Make sure you log on with a sufficiently
privileged user account.
Step 1 - Download Software
You need to download the following software to follow this step-by-step
guide:
1. www.winsyslog.com/en/download
2. www.mwconsole.com/en/download
Step 2 - Install WinSyslog
Run the WinSyslog program on the system that is to act as the central server. Make a note of this server's IP address or host name. You'll need this value when configuring
the PIX to forward its messages to it.
Step 3 – Configure a Syslog Server
The steps to configure WinSyslog as a
syslog server are as follows:
Configuring a Syslog Server
Step 4 – Create a RuleSet for Database Logging
In this section, you will create an action that writes the messages
coming from the PIX to a database. Please note that these steps are exactly the
same for both MonitorWare Agent and WinSyslog.
Database Logging Steps
After configuring this RuleSet, make sure that:
- The rule set is associated with the syslog server service that you
created in step 3. To do this, click the syslog server service
on the left-hand side and select the name of
the rule set that you created in step 4 in the "Rule Set to Use" combo box on the
right-hand side.
- The service is running. To do this, click the Play button at
the top of the client.
Step 5 – Configure PIX
In this step, you configure the PIX so that it sends
its messages to the syslog server that you created in the steps above. You
need to enter the server's IP address or host name in the PIX configuration.
PIX Configuration Steps
Step 6 – Installing and Configuring MonitorWare Console
MWConsole- Installation and Configuration Steps
Step 7 – Generating PIX Reports with MonitorWare Console Manually
The following reports can be generated in MonitorWare Console for
PIX logs:
- Accessed Web Sites Report
- Blocked Ports Activity Report
- Possible Attacks Report
- PIX Summary By Message Type
- PIX Summary by Severity Level
- Traffic By Hour Report
- Traffic By Port Report
- Outbound Traffic By IP
- Traffic by Target IP
This section explains how the PIX reports can be generated with MonitorWare
Console manually. In this section I will explain
the generation of one specific report only. Please note that the procedure for generating any report is
almost the same.
Generating PIX Reports with Console 3.0 Manually
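To show what the two summary reports listed above aggregate, here is an added example (not part of MonitorWare Console or of this guide) that tallies PIX syslog lines by severity level and by message type. It assumes the `%PIX-<severity>-<message id>:` tag layout; the sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Standard syslog severity names, indexed by level (0 = most severe).
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debug"]

# Assumed tag layout: %PIX-<severity 0-7>-<six-digit message id>: <text>
PIX_TAG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")

# Constructed sample messages (documentation IP ranges, not real traffic).
SAMPLE_LINES = [
    "<166>%PIX-6-302013: Built outbound TCP connection 1201 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.0.0.5/1045 (198.51.100.1/1045)",
    '<164>%PIX-4-106023: Deny tcp src outside:203.0.113.7/4431 dst inside:10.0.0.5/135 by access-group "outside_in"',
    '<164>%PIX-4-106023: Deny udp src outside:203.0.113.9/53 dst inside:10.0.0.8/1434 by access-group "outside_in"',
    "<162>%PIX-2-106001: Inbound TCP connection denied from 203.0.113.7/4432 to 10.0.0.5/445 flags SYN on interface outside",
    "<166>%PIX-6-302014: Teardown TCP connection 1201 for outside:192.0.2.10/80 to inside:10.0.0.5/1045 duration 0:00:03 bytes 4211 TCP FINs",
    "<13>some other device: message without a PIX tag",
]

def parse_pix(line):
    """Return (severity level, message id, text), or None if no PIX tag is found."""
    m = PIX_TAG.search(line)
    if m is None:
        return None
    return int(m["sev"]), m["msgid"], m["text"]

def summarize(lines):
    """Count messages per severity name and per message id; count unparsed lines."""
    by_severity, by_msgid, skipped = Counter(), Counter(), 0
    for line in lines:
        parsed = parse_pix(line)
        if parsed is None:
            skipped += 1  # not a PIX message; keep the count so gaps are visible
            continue
        level, msgid, _ = parsed
        by_severity[SEVERITY[level]] += 1
        by_msgid[msgid] += 1
    return by_severity, by_msgid, skipped

if __name__ == "__main__":
    sev, msg, skipped = summarize(SAMPLE_LINES)
    for name in SEVERITY:  # print most severe first
        if sev[name]:
            print(f"{name:<14}{sev[name]}")
    for msgid, count in msg.most_common():
        print(f"{msgid}  {count}")
    print(f"lines without a PIX tag: {skipped}")
```
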
Step 8 – Scheduling the Generation of Reports with MonitorWare Console
This section explains how the reports can be generated with MonitorWare
Console automatically using Job Manager. With Job Manager, you can generate all
the reports on a pre-defined schedule and have it either store them in
a location on the hard disk or send them to a specified recipient via email. The
following section explains the scheduling of the System Status Report. You can use
exactly the same method to generate any of the PIX reports that are
mentioned above.
Scheduling Reports with Console 3.0
You are done!
Well, this is all you need to do to configure the basic operations. We hope
this article is helpful. If you have any questions or remarks,
please do not hesitate to contact us at support@adiscon.com