Hello, I'm a novice in Log Management, so I'd like to explain my needs to you to find out if PRTG is the product I'm looking for:
My network:
1x Cisco ASA5515X firewall (saving traffic logs via FTP)
1x Cisco WLC5508 wireless LAN controller (saving auth logs via SNMP)
1x server 2012, 12 cores/12 Gb, (DC+DHCP+Radius)
From 50 to 200 wireless guests every day (personal credentials)
My work:
1. One of my WiFi guests is trying to carry out a DoS attack on a website (he thinks he is safe among the other 100 WiFi guests); the boss calls me!
2. The attacked website gives me the logs of the attack, with timestamps.
3. I search the firewall logs for the source IP (in the LAN) of the attacker at that timestamp.
4. Then I search the WLC logs for which user had that IP assigned at that time.
5. Then I check the WLC logs for past presences of the MAC address of the attacker's device.
6. I try to verify that device and that user in the DHCP and RADIUS logs.
7. I print all these results for the boss: he kicks the attacker's ass!
So I need to store logs from the firewall and the WLC, and manually search the ASA+WLC logs for time, then for time+IP, then for MAC... Logs from the server are interesting just for RADIUS and DHCP. No hardware or physical "sensors" are useful for me.
Now the big question: is PRTG the product I need to make this work easier?
Thanks a lot, and sorry for my poor English!
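Steps 3 to 6 of the workflow above are a timestamp-to-IP-to-MAC-to-user correlation, and that is something any log tool (or a small script) must do the same way regardless of product. The following Python script is an added example written for this page; it is not part of the original post and not PRTG code. It works on constructed sample logs embedded inline: the ASA lines approximate the shape of Cisco %ASA-6-302013 "Built outbound TCP connection" messages, while the DHCP and authentication lines use a simplified one-event-per-line layout that is purely an assumption of the example (a real WLC or RADIUS export will look different and needs its own parser). It also assumes all devices share one time zone and are NTP-synced, and uses a ±30 s tolerance around the website's timestamp to absorb small clock differences. The sample DHCP log deliberately contains a later DHCPACK that hands the same IP to a different device, which is why the lookup has to be "who held this IP at that time", not "who ever had this IP".

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# --- Constructed sample logs (not real captures). ASA lines approximate
# %ASA-6-302013 syntax; DHCP/auth line layouts are assumptions of this example.
ASA_LOG = """\
Mar 05 2024 14:02:10: %ASA-6-302013: Built outbound TCP connection 4410 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.168.1.57/49321 (198.51.100.5/49321)
Mar 05 2024 14:02:11: %ASA-6-302013: Built outbound TCP connection 4411 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.168.1.57/49322 (198.51.100.5/49322)
Mar 05 2024 14:02:12: %ASA-6-302013: Built outbound TCP connection 4412 for outside:203.0.113.99/443 (203.0.113.99/443) to inside:192.168.1.23/50110 (198.51.100.5/50110)
Mar 05 2024 14:02:12: %ASA-6-302013: Built outbound TCP connection 4413 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.168.1.57/49323 (198.51.100.5/49323)
"""
DHCP_LOG = """\
2024-03-05 13:55:02 DHCPACK 192.168.1.23 aa:bb:cc:00:00:02
2024-03-05 13:58:41 DHCPACK 192.168.1.57 aa:bb:cc:00:00:01
2024-03-05 15:10:00 DHCPACK 192.168.1.57 aa:bb:cc:00:00:07
"""
AUTH_LOG = """\
2024-03-01 09:12:00 AUTH-OK user=guest17 mac=aa:bb:cc:00:00:01
2024-03-05 13:58:40 AUTH-OK user=guest42 mac=aa:bb:cc:00:00:01
2024-03-05 13:54:59 AUTH-OK user=guest08 mac=aa:bb:cc:00:00:02
"""

ASA_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): .*outside:(?P<dst>[\d.]+)/\d+"
    r" .* to inside:(?P<src>[\d.]+)/\d+"
)
EVENT_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<rest>.*)$")


def _asa_time(s):
    return datetime.strptime(s, "%b %d %Y %H:%M:%S")


def _iso_time(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def find_internal_sources(asa_text, target_ip, attack_time, tolerance=timedelta(seconds=30)):
    """Step 3: count connections from inside hosts to target_ip within
    attack_time +/- tolerance. Returns {inside_ip: connection_count}."""
    counts = Counter()
    for line in asa_text.splitlines():
        m = ASA_RE.match(line)
        if not m or m["dst"] != target_ip:
            continue
        if abs(_asa_time(m["ts"]) - attack_time) <= tolerance:
            counts[m["src"]] += 1
    return dict(counts)


def lease_holder(dhcp_text, ip, at_time):
    """Step 4: MAC holding `ip` at `at_time` = the most recent DHCPACK for that
    IP at or before at_time. A later ACK to another MAC is a reassignment and
    must be ignored."""
    best = None
    for line in dhcp_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        fields = m["rest"].split()
        if len(fields) != 3 or fields[0] != "DHCPACK" or fields[1] != ip:
            continue
        ts = _iso_time(m["ts"])
        if ts <= at_time and (best is None or ts > best[0]):
            best = (ts, fields[2].lower())
    return best[1] if best else None


def auth_events(auth_text):
    """Yield (time, user, mac) for every successful authentication record."""
    for line in auth_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        parts = m["rest"].split()
        if not parts or parts[0] != "AUTH-OK":
            continue
        kv = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        yield _iso_time(m["ts"]), kv.get("user"), kv.get("mac", "").lower()


def user_for_mac(auth_text, mac, at_time):
    """Step 6: user whose latest successful auth for `mac` is at or before at_time."""
    cands = [(t, u) for t, u, m in auth_events(auth_text) if m == mac.lower() and t <= at_time]
    return max(cands)[1] if cands else None


def mac_history(auth_text, mac):
    """Step 5: every recorded visit of that device as (time, user), oldest first."""
    return sorted((t, u) for t, u, m in auth_events(auth_text) if m == mac.lower())


def investigate(attack_time_str, target_ip, asa_text=ASA_LOG, dhcp_text=DHCP_LOG, auth_text=AUTH_LOG):
    """Run steps 3-6. attack_time_str is the timestamp reported by the attacked
    site, assumed already converted to the log servers' time zone."""
    attack_time = _iso_time(attack_time_str)
    sources = find_internal_sources(asa_text, target_ip, attack_time)
    if not sources:
        return None  # nothing in the firewall log matches: stop, do not guess
    ip = max(sources, key=sources.get)  # most active inside host toward the target
    mac = lease_holder(dhcp_text, ip, attack_time)
    user = user_for_mac(auth_text, mac, attack_time) if mac else None
    return {"source_ip": ip, "connections": sources[ip], "mac": mac, "user": user,
            "history": mac_history(auth_text, mac) if mac else []}


if __name__ == "__main__":
    from pprint import pprint
    pprint(investigate("2024-03-05 14:02:11", "203.0.113.10"))
```

On the sample data this resolves the website's timestamp to 192.168.1.57, the device aa:bb:cc:00:00:01 (not the one that got the same IP at 15:10), the account guest42, and a visit history showing the same device logged in as guest17 four days earlier. If the firewall log has no matching connection the function returns None rather than picking a neighbour, which is the right outcome to present to the boss: the chain of evidence is only as strong as its weakest lookup, and a missing DHCP lease or an unsynced clock breaks it.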