Log Analysis for ASA & AIP-SSM

Unanswered Question
Mar 30th, 2009


What is the best tool to gather syslogs from multiple Cisco ASAs & Cisco IPS?


Preferably I would like to use a single machine to get logs from 4 firewalls, 2 IPSs and multiple Web/DB servers running Apache & MySQL.


What solution would you recommend for log archival, log analysis and report generation for this many logs?


Thanks

D.

Anonymous (not verified) Fri, 04/03/2009 - 08:06

PIX 7.0 has introduced very granular filtering techniques to allow only certain specified syslog messages to be presented. The Basic Syslog section of this document demonstrates a traditional syslog configuration. The Advanced Syslog section of this document shows the new syslog features in 7.0.


https://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

cisco24x7 Fri, 04/03/2009 - 08:49

"Preferably I would like to use a single machine to get logs from 4 firewalls, 2 IPSs and multiple Web/DB servers running Apache & mysql.


What solution would you recommend for log archival, log Analysis and Report Generation for these many logs."


Syslog-ng and Simple Event Correlator (SEC). Both of these are freeware.
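
An added example, not part of the thread and not code from syslog-ng or SEC: a Python sketch of the analysis step on a central collector, parsing the `%ASA-<severity>-<message id>` tag and keeping only messages at or above a severity threshold or with explicitly listed IDs, then counting them per device. The hostnames, addresses, log lines and the function names `parse`, `keep` and `report` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines as a central collector might store them.
SAMPLE = """\
Apr  3 08:01:12 fw1 %ASA-6-302013: Built outbound TCP connection 101 for outside:192.0.2.10/443 to inside:10.0.0.5/51000
Apr  3 08:01:13 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.7/4431 dst inside:10.0.0.5/22 by access-group "outside_in"
Apr  3 08:01:15 fw2 %ASA-4-106023: Deny udp src outside:198.51.100.7/53 dst inside:10.0.0.9/53 by access-group "outside_in"
Apr  3 08:01:20 fw2 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = admin
Apr  3 08:01:21 web1 httpd: not an ASA message
"""

# Timestamp, sending host, then the %ASA-<severity>-<message id>: tag and text.
ASA_RE = re.compile(
    r"^\S+\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+"
    r"%(?:ASA|PIX)-(?P<sev>[0-7])-(?P<id>\d{6}):\s*(?P<text>.*)$"
)

def parse(line):
    """Return host, severity, message ID and text, or None for non-ASA lines."""
    m = ASA_RE.match(line)
    if not m:
        return None
    return {"host": m["host"], "sev": int(m["sev"]),
            "id": m["id"], "text": m["text"]}

def keep(event, max_severity, extra_ids):
    """Lower numbers are more severe: keep severity <= threshold,
    plus any message ID that was asked for explicitly."""
    return event["sev"] <= max_severity or event["id"] in extra_ids

def report(text, max_severity=4, extra_ids=frozenset({"113015"})):
    """Count the retained messages per (host, message ID)."""
    counts = Counter()
    for line in text.splitlines():
        event = parse(line)
        if event and keep(event, max_severity, extra_ids):
            counts[(event["host"], event["id"])] += 1
    return counts

if __name__ == "__main__":
    for (host, msg_id), n in sorted(report(SAMPLE).items()):
        print(f"{host} {msg_id} {n}")
```
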
