09-17-2008 02:13 AM - edited 03-11-2019 06:45 AM
I am after a good Firewall Analyzer & Reporter for cisco PIX, ASA's. Dont mind open source.
I would like to minitor the followings
Traffic and Bandwidth Monitoring
Employee Internet Monitoring
Firewall Rules and URLs Monitoring
Firewall Alerts & Notifications
Firewall Alert Administration
Firewall Reports
VPN Reports
Proxy Server Reports
Network Security Reports
Custom Reports
Ad-hoc Reports & Scheduling Reports
Raw Log Search and Reports
Historical Trend Analysis
09-17-2008 04:51 AM
Syslog server could be:
- Kiwi Syslog:
- 30COM Deamon
http://www.ncat.co.uk/Download/
- There is also a Cisco Syslog Server which supports TCP Syslog 514 - pfss512.exe
http://www.cisco.com/cgi-bin/tablebuild.pl/pix?sort=release
Commercial products that creates graphs and analyzes Syslog to generate stats could be:
- FireGen http://www.eventid.net/firegen/
- Try this one FWLOGSUM (Freeware).
http://www.ginini.com/software/fwlogsum/
http://www.ginini.com/software/fwlogsum/converters/
It uses basicly PERL scripts and supports a wide range of Firewalls. You just need to install Perl in your Windows environment.
- Try Sawmill (Eval version)
- EIQ Networks Network Security Analyzer eiqnetworks.com
Hope that gives you some ideas what to try.
#############
Also,
You can opt for :
MARS
HP OPENVIEW
Regards,
Sushil
09-17-2008 05:20 AM
Sushil,
i also need something to monitor vpn usage.
09-17-2008 05:23 AM
Some info which might be helpful in ' monitoring VPN ':
How to monitor VPN sessions, and specific info ( ex: number of sessions, source of session ,date ,duration, bandwidth used etc. )
Possible solutions :
1) Included with Cisco Security Manager is an application called Performance Monitor, which supports the monitoring of remote-access and site-to-site VPNs.
Links:
Security Manager:
http://www.cisco.com/go/csmanager
Performance Monitor User Guide:
http://www.cisco.com/en/US/products/ps6498/products_user_guide_book09186a00806b7a60.html
Performance Monitor originates from the previous security managment product called CiscoWorks VMS and is currently not undergoing much further enhancement.
Performance Monitor requires a different license file. For Security Manager 3.0, the license file is included on the DVD, but for 3.1 it is delivered via registering the included PAK on Cisco.com and receiving via email. The Performance Monitor license file is installed using the Common Services browser interface (not the Security Manager client). Click CiscoWorks in the upper right of the browser after logging in, then Common Services > Server > Admin > Licensing.
2) Open source tool which can be used :
3) Using the ASDM --> Under monitoring, VPN statistics, Sessions you can filter by Remote Access, Site-to-Site, clientless SSL, SSL client or email proxy. Under Site-to-Site there are stats for connection/IP address, protocol/encryption, login time/duration and Bytes TX/RX
Do rate helpful posts.
Regards,
Sushil
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide