Event Tracking

CBAC would be of little use if it worked but you could not tell what it was doing. Cisco has enabled CBAC to generate alerts and to send inspection information to a syslog server.

CBAC generates alerts in real time and can alert a system administrator to possible suspicious activity. Alerts can be enabled globally and on a per-application basis.

The inspection information that CBAC sends to a syslog server, called audit trails, includes the source and destination IP addresses of a packet; the source and destination ports of a packet; and statistical data, such as byte counts and time stamps.
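
The audit-trail fields listed above can be pulled out of collected syslog for review. The following Python parser is an added example, not code from the book. The sample lines are constructed, and the %FW-6-SESS_AUDIT_TRAIL message layout is an assumption based on the usual IOS audit-trail format.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not from the book). The message layout is an
# assumption based on the usual IOS %FW-6-SESS_AUDIT_TRAIL format.
SAMPLE = """\
Mar  1 10:02:11 192.0.2.1 45: %FW-6-SESS_AUDIT_TRAIL: tcp session initiator (10.1.1.13:33192) sent 22 bytes -- responder (198.51.100.11:25) sent 208 bytes
Mar  1 10:02:40 192.0.2.1 46: %FW-6-SESS_AUDIT_TRAIL: http session initiator (10.1.1.20:41022) sent 310 bytes -- responder (198.51.100.80:80) sent 18432 bytes
Mar  1 10:03:05 192.0.2.1 47: %SYS-5-CONFIG_I: Configured from console by vty0
Mar  1 10:03:09 192.0.2.1 48: %FW-6-SESS_AUDIT_TRAIL: tcp session initiator (10.1.1.13:33200) sent 5000 bytes -- responder (198.51.100.11:25) sent 96 bytes
Mar  1 10:03:30 192.0.2.1 49: %FW-6-SESS_AUDIT_TRAIL: udp session initiator (10.1.1.20) sent garbage
"""

AUDIT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?%FW-6-SESS_AUDIT_TRAIL:\s+(?P<proto>\S+) session "
    r"initiator \((?P<src>[\d.]+):(?P<sport>\d+)\) sent (?P<sent>\d+) bytes -- "
    r"responder \((?P<dst>[\d.]+):(?P<dport>\d+)\) sent (?P<rcvd>\d+) bytes"
)

def parse_audit_trail(text):
    """Return (records, rejected): parsed audit records and malformed audit lines."""
    records, rejected = [], []
    for line in text.splitlines():
        if "%FW-6-SESS_AUDIT_TRAIL" not in line:
            continue  # other syslog traffic, not an audit record
        m = AUDIT.search(line)
        if not m:
            rejected.append(line)  # keep for review instead of dropping silently
            continue
        rec = m.groupdict()
        for key in ("sport", "dport", "sent", "rcvd"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records, rejected

def bytes_by_pair(records):
    """Sum (initiator bytes, responder bytes) per source, destination and service port."""
    totals = defaultdict(lambda: [0, 0])
    for r in records:
        key = (r["src"], r["dst"], r["dport"])
        totals[key][0] += r["sent"]
        totals[key][1] += r["rcvd"]
    return {k: tuple(v) for k, v in totals.items()}

if __name__ == "__main__":
    recs, bad = parse_audit_trail(SAMPLE)
    for pair, (sent, rcvd) in sorted(bytes_by_pair(recs).items()):
        print(pair, "initiator bytes:", sent, "responder bytes:", rcvd)
    print("malformed audit lines:", len(bad))
```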

Logging to a Syslog Server

It is a good security practice to record various log messages that you can review at a later time and ...
