We have a Cisco 2821 configured with CBAC as our firewall. We have been asked to set up logging on it with the intended purpose of being able to tell management something if we ever get hacked.
I have set up SNMP trapping for most everything, but making any sense out of those logs is nearly impossible.
Can anyone help tell me how they are logging their IOS firewall traffic? Do you use any tools? Is anyone logging without using any parsing tools? Do you have any tips on how to get some useful information out of the logs?