11-12-2008 09:18 PM - edited 02-21-2020 03:06 AM
Can someone suggest a good combination of application + syslog server to be able to receive syslog messages from a PIX firewall (v 6.3(4)) and produce an understandable, layman's report on what the messages mean? I'd like to find out things like 'why the firewall blocked this/that service' but simply do not have the time to sit there and go through thousands of messages. Hopefully the application would be able to let me select things such as source/dest addresses. Thanks.
11-13-2008 10:25 AM
Check out http://www.sawmill.net/
There are many others; Google "firewall log analysis".
11-14-2008 11:54 AM
Take a look at Splunk. There is a free version if you want to try it out. http://www.splunk.com