08-20-2008 07:23 AM - edited 03-11-2019 06:33 AM
I was wondering if anyone has a recommendation on a good firewall log analyzer...that can analyze if there are attacks taking place, etc?
08-20-2008 07:50 AM
You can try this
08-20-2008 11:22 AM
MARS would be the number one choice if your firewall is from Cisco. Juniper also has a SIM now. This is from a previous post:
Have you looked at Cisco MARS? (It's actually a SEM)
http://www.cisco.com/en/US/products/ps6241/products_data_sheets_list.html
http://www.sawmill.net/features.html
(Found it to be pretty nice, but might be pricy)
If you want a real-time thing, fireplotter is pretty cool:
Alternates:
http://manageengine.adventnet.com/products/firewall/
(never tried it though)
http://www.eventid.net/firegen/firegenpix2.asp
(had serious performance issues)
Some more:
http://www.windowsecurity.com/software/Firewall-security-log-analyzers/
Please rate if helpful
Regards
Farrukh
08-20-2008 11:32 AM
What is a SEM? I've seen Cisco MARS at a demonstration, but it just strikes me as pricey, particularly when I know we will not be able to fully leverage its capabilities. I just need something that will analyze firewall logs for now. Will Cisco MARS allow incremental license purchases as needed?
08-20-2008 11:43 AM
SEM = Security Event Management
SIM = Security Incident Management
STM = Security Threat Management (Cisco Marketing Word)
Cisco MARS is licensed on an EPS basis. EPS means Events per second. You can just go for the smallest model available. It is worth the price IMHO.
In ASA version 8.x there is a feature called threat detection that might also help you in this regard.
Regards
Farrukh