Log Analysis for ASA & AIP-SSM

Unanswered Question
Mar 30th, 2009

What is the best tool to gather syslogs from multiple Cisco ASAs & Cisco IPS?

Preferably I would like to use a single machine to get logs from 4 firewalls, 2 IPSs and multiple Web/DB servers running Apache & MySQL.

What solution would you recommend for log archival, log analysis and report generation for this many logs?

Thanks

D.

Anonymous (not verified) Fri, 04/03/2009 - 08:06

PIX 7.0 has introduced very granular filtering techniques to allow only certain specified syslog messages to be presented. The Basic Syslog section of this document demonstrates a traditional syslog configuration. The Advanced Syslog section of this document shows the new syslog features in 7.0.

https://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

cisco24x7 Fri, 04/03/2009 - 08:49

"Preferably I would like to use a single machine to get logs from 4 firewalls, 2 IPSs and multiple Web/DB servers running Apache & MySQL.

What solution would you recommend for log archival, log analysis and report generation for this many logs?"

Syslog-ng and Simple Event Correlation (SEC). Both of these are freeware.
