Log reporting tool recommendations?

Jul 19th, 2007

All,

I've inherited a network with over 20 sites using PIX ver 6.X and 7.X as the border firewalls. All the VPNs between the sites are wide open and I need to lock them down. I have several months' worth of syslogs. Can anyone recommend a tool that can report from the syslogs which ports are being used on which VPNs? Preferably one that could analyze the syslog files.


thanks

mhellman Thu, 07/19/2007 - 05:09

For a onetime effort like this, I would recommend putting the files on a unix/linux box and using find/grep/awk.

watcher60 Thu, 07/19/2007 - 05:58

While I agree there are a lot of options out there (I have looked), I was asking for recommendations. What I am really looking for is ones that are able to present results on the IP ranges in the VPN config.

What I need is a tool that can identify matching IPs in the subnets used by the VPN ACL (i.e. 192.168.1.1 is part of the 192.168.1.0/24 range). I have a large amount of subnets carved up in various sub classes, so searching for, say, 192.168.1 would not cut it. The nearest I found was ManageEngine's offering, but it did not seem to work with all subnets.


many thanks
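
The subnet matching described in the post above can be scripted with Python's `ipaddress` module. This is an added example, not code from any poster in the thread: it does a longest-prefix match of each logged address against the VPN subnets and counts the service ports seen per subnet pair. Assumptions: the layout of the PIX 302013/302015 "Built" messages, the mapping of inbound/outbound to initiator, and the constructed subnets and sample log lines.

```python
import ipaddress
import re
from collections import Counter

# Assumed line format: PIX "Built ... connection" messages (302013 TCP, 302015 UDP).
BUILT = re.compile(
    r"%PIX-6-30201[35]: Built (inbound|outbound) (TCP|UDP) connection \d+ "
    r"for \S+?:(\d+\.\d+\.\d+\.\d+)/(\d+) \([^)]*\) "
    r"to \S+?:(\d+\.\d+\.\d+\.\d+)/(\d+)")

# Constructed subnets standing in for the networks named in the VPN ACLs.
VPN_NETS = [ipaddress.ip_network(n) for n in
            ("192.168.1.0/24", "192.168.1.128/26", "10.20.0.0/22")]

# Constructed sample syslog lines (not taken from the thread).
SAMPLE = [
    "fw1 %PIX-6-302013: Built inbound TCP connection 1001 for outside:10.20.1.15/40112 (10.20.1.15/40112) to inside:192.168.1.10/445 (192.168.1.10/445)",
    "fw1 %PIX-6-302013: Built inbound TCP connection 1002 for outside:10.20.2.7/40500 (10.20.2.7/40500) to inside:192.168.1.130/3389 (192.168.1.130/3389)",
    "fw1 %PIX-6-302015: Built outbound UDP connection 1003 for outside:10.20.0.53/53 (10.20.0.53/53) to inside:192.168.1.10/1055 (192.168.1.10/1055)",
    "fw1 %PIX-6-302013: Built outbound TCP connection 1004 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:192.168.1.10/1056 (192.168.1.10/1056)",
]

def owning_net(addr):
    """Return the most specific VPN subnet containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in VPN_NETS if ip in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

def summarize(lines):
    """Count connections per (initiator net, responder net, protocol, service port)."""
    counts = Counter()
    for line in lines:
        m = BUILT.search(line)
        if not m:
            continue
        direction, proto, a_ip, a_port, b_ip, b_port = m.groups()
        # Assumption: the first endpoint is the foreign side and initiates inbound connections.
        if direction == "inbound":
            src, dst, port = a_ip, b_ip, b_port
        else:
            src, dst, port = b_ip, a_ip, a_port
        s, d = owning_net(src), owning_net(dst)
        if s and d:  # keep only traffic between two VPN subnets
            counts[(str(s), str(d), proto, int(port))] += 1
    return counts

if __name__ == "__main__":
    for (s, d, proto, port), n in sorted(summarize(SAMPLE).items()):
        print(f"{s} -> {d} {proto}/{port}: {n} connection(s)")
```

The resulting subnet-pair and port counts are the raw material for replacing wide-open VPN ACL entries with specific permits; traffic that never appeared in the log window still needs a manual review before it is blocked.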

mskumar_apk Wed, 09/12/2007 - 06:43

Hi,


I am posting this with a disclaimer that I am part of ManageEngine offerings.


I believe Firewall Analyzer has filters that support IPRange/CIDR. Hence your requirement could be easily achievable with that.

Maybe http://forums.adventnet.com/viewforum.php?f=61 would help you further.


regards,

MSK


