Syslog Server / Report Generator

pjhenriqs
Level 1

Hi,

This is more a request for information than a problem.

I manage some firewalls, but until now I have been unable to generate any reports for the customer, and it's becoming more and more frequent that they want to know what sites this or that IP address accessed.

So my question is: what software do you advise using, not only to generate these reports but also to keep a log? (I can only debug things using live traffic at the moment.)

Thanks in advance,

Paulo

5 Replies

rtrunk
Level 1

Paulo,

What software you use to generate reports depends in large part on what kinds of reports you want to see. There are dozens of reporting/log management packages out there.

But let's take things one step at a time. In order to generate reports, first you need to capture log info. So you need a syslog server. It needs to be placed in your network so that the firewalls (and perhaps other devices as well) can send their info to it. Since I don't know your topology, it could be that you will need more than one server.

What kind of server depends on your preference: Windows or Linux?

For Windows, I'd recommend CatTools by Kiwi Software. There is a free version and a more featured version for purchase.

For Linux, go with syslog-ng (an upgrade for the standard syslog daemon most Linux systems come with). It's free.

Think about disk size and how you intend to manage your log files. How long do you need to keep them? How will you archive them? Who should have access to them?

Once you've got your syslog server(s) up and running, then you can start investigating reporting tools.

Ron

Hi Ron,

Thanks for the reply. I guess what you said makes sense.

I'm looking into the syslog server at the moment. Is CatTools a syslog server or a management/automation tool for several devices? I've had a look at it and I don't think it is a syslog server.

My lab scenario is Windows.

Thanks,

Paulo Henriques

CatTools is a set of tools that includes a very good syslog server. You can download just the syslog server portion at

http://www.kiwisyslog.com/kiwi-syslog-daemon-overview/

Ron

Hi Ron,

I have managed to install the syslog server on my lab test scenario.

At the moment I am not worried about things like who will be able to access the logs, the size and time to keep them. This is because I'm still testing the software that I have available and I'm trying to understand the potential of what can be offered.

Now that I have this CatTools Syslog Server running, how does it interact with a reporting tool? And again, which tool do you advise?

Thanks,

Paulo
