Log reporting tool recommendations?

Unanswered Question
Jul 19th, 2007

All,

I've inherited a network with over 20 sites using PIX ver 6.X and 7.X as the border firewalls. All the VPN's between the sites are wide open and I need to lock them down. I have several months worth of syslogs. Can anyone recommend a tool that can report on the syslogs which ports are being used on which which VPN's? Preferably if they could analyze the syslog files.

thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mhellman Thu, 07/19/2007 - 05:09

For a onetime effort like this, I would recommend putting the files on a unix/linux box and using find/grep/awk.

watcher60 Thu, 07/19/2007 - 05:58

While I agree there are a lot of options out there (I have looked) I was asking for recommendations. What I really am looking for it ones that are able to present results on the IP ranges in the VPN config.

what I need is a tool that can identify matching IP's in the subnets used by the VPN ACL (ie 192.168.1.1 is part of the 192.168.1.0/24 range) I have a large amount of subnets carved up in various sub classes so searching for say 192.168.1 would not cut it. The nearest I found was managenegine's offering but it did not seem to work with all subnets.

many thanks

Actions

This Discussion