PIX syslog

Mar 8th, 2007

Hi there

I have a Cisco PIX 515E. I am able to retrieve the syslog from an AIX server, and I can break them in files by severity or by error code. Anyway, it is still a lot of work to read all of these logs.

My question is simple. Is there any Cisco Software or any recommended software that will simplify the job of reading the logs?


Regards

suschoud Thu, 03/08/2007 - 07:50

Syslog server could be:

- Kiwi Syslog:

http://www.kiwisyslog.com/

- 30COM Daemon

http://www.ncat.co.uk/Download/

- There is also a Cisco Syslog Server which supports TCP Syslog 514 - pfss512.exe

http://www.cisco.com/cgi-bin/tablebuild.pl/pix?sort=release


Commercial products that create graphs and analyze Syslog to generate stats could be:

- FireGen http://www.eventid.net/firegen/

- Try this one FWLOGSUM (Freeware).

http://www.ginini.com/software/fwlogsum/

http://www.ginini.com/software/fwlogsum/converters/

It basically uses Perl scripts and supports a wide range of firewalls. You just need to install Perl in your Windows environment.

- Try Sawmill (Eval version)

http://www.sawmill.net/

- EIQ Networks Network Security Analyzer eiqnetworks.com


Hope that gives you some ideas what to try.



Regards,

Sushil

pplsi Mon, 03/12/2007 - 18:55

If you are looking for a syslog solution there are a number of good syslog devices.


Log Logic is really nice and is an appliance and you can also get a 2T storage with it.


However, if you want to just have something correlate the logs for you and see the events that are possible issues, check out CS-MARS.


It is actually better to use both solutions though. Store your logs on a syslog server and have CS-MARS correlate the events and show you what are possible threats.
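
An added example, not from any poster in this thread and not one of the tools named above: a small Python script that condenses PIX syslog lines into counts by severity and message ID plus the most-denied sources and ports, which is the kind of reduction the question asks for. The sample lines are constructed, and the Deny pattern assumes the TCP/UDP layout of message `%PIX-4-106023`.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread); addresses are documentation ranges.
SAMPLE = """\
Mar 08 2007 07:41:02 pix515e : %PIX-4-106023: Deny tcp src outside:198.51.100.7/4312 dst inside:192.0.2.10/445 by access-group "outside_in"
Mar 08 2007 07:41:03 pix515e : %PIX-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.5/3391 (203.0.113.5/3391) to inside:192.0.2.10/80 (192.0.2.10/80)
Mar 08 2007 07:41:05 pix515e : %PIX-4-106023: Deny tcp src outside:198.51.100.7/4313 dst inside:192.0.2.10/139 by access-group "outside_in"
Mar 08 2007 07:41:09 pix515e : %PIX-4-106023: Deny udp src outside:203.0.113.9/53 dst inside:192.0.2.11/1027 by access-group "outside_in"
Mar 08 2007 07:41:12 pix515e : %PIX-6-302014: Teardown TCP connection 1001 for outside:203.0.113.5/3391 to inside:192.0.2.10/80 duration 0:00:09 bytes 5120 TCP FINs
this line is not a PIX message and is counted as unparsed
"""

# Every PIX message carries a %PIX-<severity>-<message id>: tag.
TAG = re.compile(r"%PIX-(\d)-(\d+): (.*)")
# ACL deny (106023) for TCP/UDP; ICMP denies have no ports and are only counted by ID.
DENY = re.compile(r"Deny (\w+) src \S+?:([\d.]+)/\d+ dst \S+?:([\d.]+)/(\d+)")


def summarize(lines):
    """Reduce raw syslog lines to counters a person can scan quickly."""
    by_sev, by_id = Counter(), Counter()
    denied_src, denied_port = Counter(), Counter()
    unparsed = 0
    for line in lines:
        tag = TAG.search(line)
        if not tag:
            unparsed += 1  # keep a count so silent parser gaps are visible
            continue
        by_sev[int(tag.group(1))] += 1
        by_id[tag.group(2)] += 1
        deny = DENY.match(tag.group(3)) if tag.group(2) == "106023" else None
        if deny:
            denied_src[deny.group(2)] += 1
            denied_port[(deny.group(1), int(deny.group(4)))] += 1
    return {"severity": by_sev, "message_id": by_id, "denied_src": denied_src,
            "denied_port": denied_port, "unparsed": unparsed}


if __name__ == "__main__":
    report = summarize(SAMPLE.splitlines())
    print("by severity:", sorted(report["severity"].items()))
    print("by message ID:", report["message_id"].most_common())
    print("top denied sources:", report["denied_src"].most_common(5))
    print("top denied ports:", report["denied_port"].most_common(5))
    print("unparsed lines:", report["unparsed"])
```
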
