
want to implement cisco port security, what software to catch syslog or snmp traps?

I'm (still) a work study student for the Network Admin at a small community college. I'm being used to finally implement a few things on his todo list.

He wants port security implemented on our access layer switches, mostly 2950s. I know how to do the port configurations. What software can I or should I use to get the syslog or snmp trap messages that can be sent from the switches?

Software has to be free and Windows-based, we have $0 to spend on anything at the moment. I implemented networking monitoring and alerts with "the dude" but it doesn't support snmp trap/syslog notices.

Is there anything I can get for nada that can handle this? It'd be great if it could also email out alerts but it's not a strict requirement.

Thanks
 
Or if you're running windows server 2008, it has a built in syslog server, of sorts. Not sure if it's as nice as kiwi but it's another option.
 
+1 for kiwi syslog. the licensed version has a lot of useful features like ODBC logging, web access, etc, but the free version should suffice for your needs. i believe it supports alerting, so you can set up notification when access violations arrive.
 
kiwi free didn't seem to keep up with the flow very well. throw up a snort box on a span port and have it collect syslog too 🙂

snare is cool for forwarding windows event logs to syslog 🙂
 
I'll take a look at it, my todo list is getting short 🙂

now he's on the fence about implementing the port security because...only he and I have access to the switches to re-enable the ports. he has no proper assistant and doesn't want the helpdesk crew to be able to log in and do things.

but, being a community college with ~900 machines on campus, there will be times where a machine will go down and need to be swapped out or where a loaner, test or exhibition machine will need to be connected in a room (with or without proper notice) and he doesn't want to have to respond to each instance immediately (and sometimes simply cannot).
 
Why not just use the other features for security? 1 mac per port, arp spoofing, dhcp snooping, bpduguard, loopguard, etc?

And have an autorecovery timer for particular errdisable/features?
 

these are not services I'm familiar with dealing with, so doing anything with them hasn't occurred to me. he may be familiar with them...but never suggested any of them to me. he just said "i want to implement sticky port security but I'm not familiar with the config and options, give me a summary". I'll look around a little, thanks for the suggestions.

max 1 mac per port is easy enough...excepting for the handful of labs that run virtual machines and would need to be allowed 2 or 3 at a time, and I'm still not sure the best way to deal with that since the vms can get created throughout a semester. as it is, there is *no* port security so anything that gets done is an improvement.

thanks for the suggestions.
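
Added example, not part of the thread and not any poster's code: a sketch of what a syslog collector has to do with the port-security and errdisable auto-recovery messages discussed above, i.e. alert on each violation and track which ports are still shut. The sample datagrams, the switch address 192.0.2.10 and the exact message wording are constructed assumptions; check them against what your own switches send.

```python
import re

# Constructed sample datagrams in the usual Cisco shape
# "<PRI>seq: timestamp: %FACILITY-SEV-MNEMONIC: text". MACs/ports are made up.
SAMPLE = [
    "<186>41: Mar  1 09:14:02: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/5.",
    "<188>42: Mar  1 09:14:02: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/5, putting Fa0/5 in err-disable state",
    "<187>43: Mar  1 09:14:03: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down",
    "<188>44: Mar  1 09:19:02: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa0/5",
    "<186>45: Mar  1 10:02:47: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00aa.bbcc.ddee on port FastEthernet0/12.",
    "<188>46: Mar  1 10:02:47: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/12, putting Fa0/12 in err-disable state",
]

MSG = re.compile(r"^<\d{1,3}>.*?%(?P<fac>[A-Z_]+)-(?P<sev>\d)-(?P<mnem>[A-Z_0-9]+): (?P<text>.*)$")
VIOLATION = re.compile(r"MAC address (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) on port (?P<port>\S+?)\.?$")
ERRDIS = re.compile(r"psecure-violation error detected on (?P<port>[^,\s]+)")
RECOVER = re.compile(r"recover from psecure-violation err-disable state on (?P<port>\S+)")

def short(port):
    """Normalise long interface names so all message types use one key."""
    return port.replace("FastEthernet", "Fa").replace("GigabitEthernet", "Gi")

def process(switch, datagrams):
    """Return (alert strings, sorted ports still err-disabled) for one switch."""
    alerts, down = [], set()
    for raw in datagrams:
        m = MSG.match(raw)
        if not m:
            continue  # not a Cisco-style message, ignore
        key, text = f"{m['fac']}-{m['mnem']}", m["text"]
        if key == "PORT_SECURITY-PSECURE_VIOLATION" and (v := VIOLATION.search(text)):
            alerts.append(f"{switch} {short(v['port'])}: unexpected MAC {v['mac']}")
        elif key == "PM-ERR_DISABLE" and (e := ERRDIS.search(text)):
            down.add(short(e["port"]))       # port is now shut
        elif key == "PM-ERR_RECOVER" and (r := RECOVER.search(text)):
            down.discard(short(r["port"]))   # auto-recovery timer fired
    return alerts, sorted(down)

if __name__ == "__main__":
    alerts, still_down = process("192.0.2.10", SAMPLE)
    print("\n".join(alerts))
    print("still err-disabled:", still_down)
```

Ports left in the second list are the ones that still need someone to log in, which is the workload the auto-recovery timer is meant to reduce.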
 