
Logfile Parsing

While parsing logfiles on a Linux machine, several commands are useful in order to get the appropriate results, e.g., searching for concrete events in firewall logs.

In this post, I list a few standard parsing commands such as grep, sort, uniq, or wc. Furthermore, I present a few examples of these small tools. However, it’s all about trial and error when building large command pipes. ;)


Considerations about IPsec Pre-Shared Keys

Pre-shared keys (PSKs) are the most common authentication method for site-to-site IPsec VPN tunnels. So what is there to say about the security of PSKs? What is their role in network security? How complex should PSKs be? Should they be stored somewhere else as well? What happens if an attacker gets hold of my PSKs?

I am listing my best practice steps for generating PSKs.


If only one DNS query is malicious …

… the whole Internet breaks down. This is what happened on a Palo Alto firewall with a DNS proxy and a (slightly misconfigured) anti-spyware profile.

All network clients had a single DNS server configured, namely the DNS proxy of the Palo Alto. When a single network client requested a URL that was classified as “spyware”, the Palo Alto correctly (!) blocked the DNS session from its DNS proxy to the Internet. Unluckily, this session stayed active for a long time (with drop-all-packets) since many DNS requests were traversing it. And because it stayed blocked, the Internet was “unavailable” for all end users.


MRTG/Routers2: Template Juniper SSG

Finally, this is how I am monitoring my Juniper ScreenOS SSG firewalls with MRTG/Routers2. Besides the interfaces (which can be built with cfgmaker), I am using my template in order to monitor the CPU and memory, the number of sessions and VPNs, the counts of different kinds of attacks, etc.


MRTG/Routers2: Template Juniper SA/MAG

I am monitoring an (old) SA-2000 cluster of Juniper Secure Access devices with my MRTG/Routers2 system. Using the JUNIPER-IVE-MIB, I built the configuration file for that monitoring system. In this blog post, I show the graphs generated with MRTG/Routers2 and publish my cfg file as a template.


MRTG/Routers2: Template Cisco ASA

I constructed an MRTG/Routers2 configuration template for the Cisco ASA firewall which contains the OIDs (graphs) for the interfaces, CPU, memory, VPNs, connections, ping times, and traceroute hop counts. With only four search-and-replace changes and a few further specifications, the whole SNMP monitoring for that firewall is configured.
