
Firewall Log Analyzer

yuchenglai
Level 1

I was wondering if anyone has a recommendation on a good firewall log analyzer...that can analyze if there are attacks taking place, etc?

4 Replies

Farrukh Haroon
VIP Alumni

MARS would be the number one choice if your firewall is from Cisco. Juniper also has a SIM now. This is from a previous post:

Have you looked at Cisco MARS? (It's actually a SEM)

http://www.cisco.com/en/US/products/ps6241/products_data_sheets_list.html

http://www.sawmill.net/features.html

(Found it to be pretty nice, but might be pricy)

If you want a real-time thing, fireplotter is pretty cool:

www.fireplotter.com

Alternates:

http://manageengine.adventnet.com/products/firewall/

(never tried it though)

http://www.eventid.net/firegen/firegenpix2.asp

(had serious performance issues)

Some more:

http://www.windowsecurity.com/software/Firewall-security-log-analyzers/

Please rate if helpful

Regards

Farrukh

What is a SEM? I've seen Cisco MARS at a demonstration, but it just strikes me as pricey particularly when I know we will not be able to fully leverage its capabilities. I just need something that will analyze firewall logs for now. Will Cisco MARS allow incremental license purchases as needed?

SEM = Security Event Management

SIM = Security Incident Management

STM = Security Threat Management (Cisco Marketing Word)

Cisco MARS is licensed on an EPS basis. EPS means Events per second. You can just go for the smallest model available. It is worth the price IMHO.

In ASA version 8.x there is a feature called threat detection, that might also help you in this regard.

Regards

Farrukh
