Looking for ACL syslog analyzer

cranch
Level 1

Hello,

Simple question, really. I'm looking for a simple, inexpensive syslog analyzer that will monitor acl deny messages, and output intrusion signature information.

Thanks,

Chris Ranch

4 Replies

jeff_caprock
Level 1

We're logging to a MS SQL Server v7 database, and then running sql scripts like

SELECT DateTimeLocal, MessageText
FROM Syslog
WHERE DateTimeLocal Like 'Oct __ 2002%' AND MessageText Like '%Line protocol on Interface Ethernet0/1%'
ORDER BY DateTimeLocal DESC;

to search for certain conditions. Make this a stored procedure, and then you can use the Web Assistant to output web pages at regular intervals for any condition that is logged to the table. We have a special web site that produces hourly reports - all network devices log to this database.

-Jeff

Thanks Jeff, but that doesn't help. I have a Kiwi syslog server, and the reports I'm interested in are attack signatures based on acl deny messages. Something like Reportgen from RnR, but for acls, not PIX.

Thanks anyway.

Chris

ttorgerson
Level 1

enter the world of swatch...

http://www.oit.ucsb.edu/~eta/swatch/

hope this helps... !!!
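As an added illustration of the kind of ACL-deny report Chris is asking for (this is not code from any poster in the thread, nor from Kiwi or swatch), the script below parses Cisco IOS %SEC-6-IPACCESSLOG* deny lines and summarizes, per source address, how many packets were dropped and whether one port was probed across several hosts. The log lines are constructed samples, the IOS message format is assumed from the standard IPACCESSLOGP/IPACCESSLOGDP syntax, and the sweep threshold is an arbitrary choice.

```python
import re
from collections import Counter, defaultdict

# Assumed Cisco IOS ACL log syntax (IPACCESSLOGP for tcp/udp, IPACCESSLOGDP for icmp):
# %SEC-6-IPACCESSLOGP: list <acl> denied <proto> <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
ACL_DENY = re.compile(
    r"%SEC-6-IPACCESSLOG\w+: list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> (?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?"
    r"(?: \(\d+/\d+\))?"             # icmp type/code, present only on IPACCESSLOGDP lines
    r"(?:, (?P<count>\d+) packets?)?"
)

# Constructed sample lines in the style a Kiwi syslog server would store (not real traffic).
SAMPLE_LOG = """\
Oct 14 2002 10:01:02 rtr1 1234: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.9.8.7(4132) -> 192.168.1.10(23), 1 packet
Oct 14 2002 10:01:05 rtr1 1235: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.9.8.7(4133) -> 192.168.1.11(23), 1 packet
Oct 14 2002 10:01:09 rtr1 1236: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.9.8.7(4134) -> 192.168.1.12(23), 3 packets
Oct 14 2002 10:02:00 rtr1 1237: %SEC-6-IPACCESSLOGP: list 101 denied udp 172.16.5.5(1029) -> 192.168.1.10(161), 1 packet
Oct 14 2002 10:02:30 rtr1 1238: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down
Oct 14 2002 10:03:00 rtr1 1239: %SEC-6-IPACCESSLOGDP: list 102 denied icmp 10.9.8.7 -> 192.168.1.1 (8/0), 5 packets
"""

def parse_denies(text):
    """Yield one dict per ACL deny line; every other syslog line is skipped."""
    for line in text.splitlines():
        m = ACL_DENY.search(line)
        if not m:
            continue
        d = m.groupdict()
        d["count"] = int(d["count"] or 1)   # IOS omits the count on some platforms
        yield d

def summarize(text, sweep_threshold=3):
    """Per source: denied packets, distinct hosts hit, and proto/port combos
    that reached at least sweep_threshold distinct hosts (a horizontal sweep)."""
    packets = Counter()
    targets = defaultdict(lambda: defaultdict(set))   # src -> "proto/dport" -> {dst}
    for d in parse_denies(text):
        packets[d["src"]] += d["count"]
        targets[d["src"]][f'{d["proto"]}/{d["dport"] or "-"}'].add(d["dst"])
    report = {}
    for src, by_port in targets.items():
        report[src] = {
            "packets": packets[src],
            "hosts": len({h for hosts in by_port.values() for h in hosts}),
            "sweeps": sorted(k for k, hosts in by_port.items() if len(hosts) >= sweep_threshold),
        }
    return report

if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["packets"]):
        flag = f' SWEEP on {", ".join(info["sweeps"])}' if info["sweeps"] else ""
        print(f'{src:15} denied packets={info["packets"]:4} hosts={info["hosts"]:3}{flag}')
```

Point the same function at a Kiwi log export (or the MessageText column of Jeff's Syslog table) and schedule it hourly to get the periodic report the thread is after.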
