Looking for ACL syslog analyzer

Unanswered Question
Nov 4th, 2002

Hello,


Simple question, really. I'm looking for a simple, inexpensive syslog analyzer that will monitor acl deny messages, and output intrusion signature information.


Thanks,


Chris Ranch

jeff_caprock Mon, 11/04/2002 - 16:20

We're logging to a MS SQL Server v7 database, and then running sql scripts like


SELECT DateTimeLocal, MessageText
FROM Syslog
WHERE DateTimeLocal Like 'Oct __ 2002%' AND MessageText Like '%Line protocol on Interface Ethernet0/1%'
ORDER BY DateTimeLocal DESC;


to search for certain conditions. Make this a stored procedure, and then you can use the Web Assistant to output web pages at regular intervals for any condition that is logged to the table. We have a special web site that produces hourly reports - all network devices log to this database.


-Jeff


cranch Tue, 11/05/2002 - 10:24

Thanks Jeff, but that doesn't help. I have a Kiwi syslog server, and the reports I'm interested in are attack signatures based on acl deny messages. Something like Reportgen from RnR, but for acls, not PIX.


Thanks anyway.


Chris
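
The kind of report asked for in this thread, sketched as an added example (not code from any poster or product named here). It assumes the router logs denies in the IOS %SEC-6-IPACCESSLOGP format; the threshold and the labels "port-scan" and "host-sweep" are hypothetical heuristics, not vendor signatures.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Nov  4 16:20:01 rtr1 41: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40001) -> 198.51.100.5(21), 1 packet
Nov  4 16:20:02 rtr1 42: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40002) -> 198.51.100.5(23), 1 packet
Nov  4 16:20:03 rtr1 43: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40003) -> 198.51.100.5(80), 2 packets
Nov  4 16:21:10 rtr1 44: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down
Nov  4 16:22:00 rtr1 45: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(51000) -> 198.51.100.1(445), 1 packet
Nov  4 16:22:01 rtr1 46: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(51001) -> 198.51.100.2(445), 1 packet
Nov  4 16:22:02 rtr1 47: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(51002) -> 198.51.100.3(445), 1 packet
Nov  4 16:30:00 rtr1 48: %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.99(5353) -> 198.51.100.5(53), 1 packet
"""

DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

def parse_denies(text):
    """Yield one dict per TCP/UDP ACL deny line; other syslog lines are skipped."""
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m:
            yield m.groupdict()

def classify(text, threshold=3):
    """Flag sources denied on many ports of one host, or one port on many hosts."""
    ports_per_target = defaultdict(set)  # (src, dst) -> {(proto, dport)}
    hosts_per_port = defaultdict(set)    # (src, proto, dport) -> {dst}
    for d in parse_denies(text):
        ports_per_target[(d["src"], d["dst"])].add((d["proto"], d["dport"]))
        hosts_per_port[(d["src"], d["proto"], d["dport"])].add(d["dst"])
    findings = []
    for (src, dst), ports in ports_per_target.items():
        if len(ports) >= threshold:
            findings.append(("port-scan", src, dst, len(ports)))
    for (src, proto, dport), dsts in hosts_per_port.items():
        if len(dsts) >= threshold:
            findings.append(("host-sweep", src, f"{proto}/{dport}", len(dsts)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in classify(SAMPLE_LOG):
        print(*finding)
```

The same parser can be pointed at a text log written by the syslog server in place of SAMPLE_LOG.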
