Firewall Analyzer & Reporter

Sep 17th, 2008

I am after a good Firewall Analyzer & Reporter for Cisco PIX, ASAs. Don't mind open source.

I would like to monitor the following:

Traffic and Bandwidth Monitoring

Employee Internet Monitoring

Firewall Rules and URLs Monitoring

Firewall Alerts & Notifications

Firewall Alert Administration

Firewall Reports

VPN Reports

Proxy Server Reports

Network Security Reports

Custom Reports

Ad-hoc Reports & Scheduling Reports

Raw Log Search and Reports

Historical Trend Analysis

suschoud Wed, 09/17/2008 - 04:51

Syslog server could be:

- Kiwi Syslog:

http://www.kiwisyslog.com/

- 3COM Daemon

http://www.ncat.co.uk/Download/

- There is also a Cisco Syslog Server which supports TCP Syslog 514 - pfss512.exe

http://www.cisco.com/cgi-bin/tablebuild.pl/pix?sort=release

Commercial products that create graphs and analyze syslog to generate stats could be:

- FireGen http://www.eventid.net/firegen/

- Try this one FWLOGSUM (Freeware).

http://www.ginini.com/software/fwlogsum/

http://www.ginini.com/software/fwlogsum/converters/

It uses basically Perl scripts and supports a wide range of firewalls. You just need to install Perl in your Windows environment.

- Try Sawmill (Eval version)

http://www.sawmill.net/

- EIQ Networks Network Security Analyzer eiqnetworks.com

Hope that gives you some ideas what to try.

#############

Also,

You can opt for:

MARS

HP OPENVIEW

Regards,

Sushil

suschoud Wed, 09/17/2008 - 05:23

Some info which might be helpful in 'monitoring VPN':

How to monitor VPN sessions, and specific info (e.g. number of sessions, source of session, date, duration, bandwidth used, etc.)

Possible solutions:

1) Included with Cisco Security Manager is an application called Performance Monitor, which supports the monitoring of remote-access and site-to-site VPNs.

Links:

Security Manager:

http://www.cisco.com/go/csmanager

Performance Monitor User Guide:

http://www.cisco.com/en/US/products/ps6498/products_user_guide_book09186a00806b7a60.html

Performance Monitor originates from the previous security management product called CiscoWorks VMS and is currently not undergoing much further enhancement.

Performance Monitor requires a different license file. For Security Manager 3.0, the license file is included on the DVD, but for 3.1 it is delivered via registering the included PAK on Cisco.com and receiving via email. The Performance Monitor license file is installed using the Common Services browser interface (not the Security Manager client). Click CiscoWorks in the upper right of the browser after logging in, then Common Services > Server > Admin > Licensing.

2) Open source tool which can be used:

http://cacti.net/

3) Using the ASDM --> Under monitoring, VPN statistics, Sessions you can filter by Remote Access, Site-to-Site, clientless SSL, SSL client or email proxy. Under Site-to-Site there are stats for connection/IP address, protocol/encryption, login time/duration and Bytes TX/RX

Do rate helpful posts.

Regards,

Sushil
