Firewall Log Analyzer

Unanswered Question
Aug 20th, 2008

I was wondering if anyone has a recommendation on a good firewall log analyzer...that can analyze if there are attacks taking place, etc?

Farrukh Haroon Wed, 08/20/2008 - 11:22

MARS would be the number one choice if your firewall is from Cisco. Juniper also has a SIM now. This is from a previous post:

Have you looked at Cisco MARS? (It's actually a SEM)

(Found it to be pretty nice, but might be pricy)

If you want a real-time thing, fireplotter is pretty cool:


(never tried it though)

(had serious performance issues)

Some more:

Please rate if helpful



yuchenglai Wed, 08/20/2008 - 11:32

What is a SEM? I've seen Cisco MARS at a demonstration, but it just strikes me as pricey particularly when I know we will not be able to fully leverage its capabilities. I just need something that will analyze firewall logs for now. Will Cisco MARS allow incremental license purchases as needed?

Farrukh Haroon Wed, 08/20/2008 - 11:43

SEM = Security Event Management

SIM = Security Incident Management

STM = Security Threat Management (Cisco Marketing Word)

Cisco MARS is licensed on an EPS basis. EPS means Events per second. You can just go for the smallest model available. It is worth the price IMHO.

In ASA version 8.x there is a feature called threat detection that might also help you in this regard.



