How to Monitor my Network

ahmedahmed · January 2013

I have configured my cisco 2911 router for a zone based firewall, Initially there was a proprietary firewall in the routers place and when some one tried some ambiguous activity we got warning alerts through emails indicating what and who tried to compromise the network and what action was taken(ie attackers ip was blocked) but I don't know if there is any way that I can monitor my router traffic if it is compromised ie if someone tries to hack into my network I get a notification via email or something of that sort.
would appreciate some help towards achieving this.

emerald_octane · January 2013

I also have the 2911. You can use CCP to setup logging and sending traps to an SNMP server (I don't know the line commands for this). At which point you can setup a e-mail to react to such a trap. You can also use CCP to monitor the router itself.

I do not know if you can send an email from within IOS itself.

SteveO86 · January 2013

You can setup logging on the router to send ACL hits to a syslog server. There a couple different free options.

You can also configure NetFlow to get a real time view of the traffic going through the router.

As far alerting when someone attempts to hack into your network, it's slightly more complicated than that.

docrice · January 2013

For near real-time alerting, set logging traps at informational level and use Swatch on your syslog for key events. You'll need to tweak that over time.

pert · January 2013

I'd get a real monitoring solution, I prefer Solawinds NPM, but there are tons of viable options. Yes, you can monitor quite a lot through command line and relay, but that solution doesn't scale and is a huge chore doing on every device. There are much better solutions out there.

How to Monitor my Network

Comments