Log reporting tool recommendations?

watcher60 · ‎07-19-2007

All,

I've inherited a network with over 20 sites using PIX ver 6.X and 7.X as the border firewalls. All the VPN's between the sites are wide open and I need to lock them down. I have several months worth of syslogs. Can anyone recommend a tool that can report on the syslogs which ports are being used on which which VPN's? Preferably if they could analyze the syslog files.

thanks

mhellman · ‎07-19-2007

For a onetime effort like this, I would recommend putting the files on a unix/linux box and using find/grep/awk.

Collin Clark · ‎07-19-2007

There are a ton of options out there.

http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=PIX+log+analyzer&spell=1

watcher60 · ‎07-19-2007

While I agree there are a lot of options out there (I have looked) I was asking for recommendations. What I really am looking for it ones that are able to present results on the IP ranges in the VPN config.

what I need is a tool that can identify matching IP's in the subnets used by the VPN ACL (ie 192.168.1.1 is part of the 192.168.1.0/24 range) I have a large amount of subnets carved up in various sub classes so searching for say 192.168.1 would not cut it. The nearest I found was managenegine's offering but it did not seem to work with all subnets.

many thanks

mskumar_apk · ‎09-12-2007

Hi,

I am posting this with a disclaimer that I am part of ManageEngine offerings.

I believe Firewall Analyzer has filters that supports IPRange/CIDR. Hence your requirement could be easily achievable with that.

May be http://forums.adventnet.com/viewforum.php?f=61

would help you further.

regards,

MSK