msitzman Mon, 06/09/2003 - 14:16

You have a few *free* options. There is always the Cisco Secure PIX Firewall Syslog server that you can download from CCO. Another Windows-based server is the Kiwi syslog server.

However, you can also use the standard Unix syslog daemon and run swatch (http://swatch.sourceforge.net/) to parse your syslog files for pertinent events.

This is just one example of a way to analyze your log files. There are many more tools and scripts out there but anything free is going to take more setup resources. Compare what it would take to set something like this up to installing the CiscoWorks tool that has everything built-in for you...


shannong Mon, 06/09/2003 - 15:51

What do you mean by analyze? If you want alerts about a specific message, use Kiwi syslog as it is very flexible and easy to configure for alerting. To analyze the syslog messages, I recommend Fwlogwatch and ReportGen. Both are *nix freeware apps that provide HTML reports of Pix syslog messages. FWlogwatch is only concerned with summarizing "Deny"s while ReportGen creates statistical reports based on "Built Inbound" and "Built Outbound" messages. Using all three of these tools together provides a lot of useful information for "free".
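
Added example (not part of the thread, and not code from FWlogwatch or ReportGen): the two kinds of summary described in the reply above, Deny counts per source/destination and Built inbound/outbound counts, computed over constructed sample lines. The message layout used in the samples and regexes is an assumption; PIX software versions format these messages differently.

```python
import re
from collections import Counter

# Constructed sample lines (not captured traffic); addresses are documentation ranges.
SAMPLE = """\
Jun  9 14:01:02 pix1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/4312 dst inside:192.0.2.10/23 by access-group "outside_in"
Jun  9 14:01:03 pix1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/4313 dst inside:192.0.2.10/23 by access-group "outside_in"
Jun  9 14:01:04 pix1 %PIX-4-106023: Deny udp src outside:203.0.113.9/53 dst inside:192.0.2.10/1434 by access-group "outside_in"
Jun  9 14:01:05 pix1 %PIX-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.20/80 (203.0.113.20/80) to inside:10.1.1.5/1044 (192.0.2.5/1044)
Jun  9 14:01:06 pix1 %PIX-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.21/443 (203.0.113.21/443) to inside:10.1.1.6/1045 (192.0.2.6/1045)
Jun  9 14:01:07 pix1 %PIX-6-302013: Built inbound TCP connection 1003 for outside:198.51.100.30/3322 (198.51.100.30/3322) to inside:10.1.1.25/25 (192.0.2.25/25)
Jun  9 14:01:08 pix1 %PIX-6-302014: Teardown TCP connection 1001 for outside:203.0.113.20/80 to inside:10.1.1.5/1044 duration 0:00:03 bytes 1820 TCP FINs
Jun  9 14:01:09 loghost sshd[311]: session opened for user admin
"""

# "%PIX-<severity>-<message id>: <text>" tag that precedes every PIX message.
MSG = re.compile(r"%PIX-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)")
DENY = re.compile(
    r"Deny (?P<proto>\w+) src [\w-]+:(?P<src>[\d.]+)(?:/\d+)? "
    r"dst [\w-]+:(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?"
)
BUILT = re.compile(r"Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection", re.I)

def summarize(lines):
    """Return (denies, built, other): two Counters and a count of unclassified lines."""
    denies, built, other = Counter(), Counter(), 0
    for line in lines:
        m = MSG.search(line)
        text = m["text"] if m else ""
        d = DENY.match(text)
        b = BUILT.match(text)
        if d:    # key: who was blocked, going where, on which protocol/port
            denies[(d["src"], d["dst"], d["proto"], d["dport"])] += 1
        elif b:  # key: connection direction and protocol
            built[(b["dir"].lower(), b["proto"].upper())] += 1
        else:    # non-PIX lines and PIX messages outside the two summaries
            other += 1
    return denies, built, other

if __name__ == "__main__":
    denies, built, other = summarize(SAMPLE.splitlines())
    for key, n in denies.most_common():
        print("deny ", n, key)
    for key, n in built.most_common():
        print("built", n, key)
    print("other", other)
```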

mnlatif Mon, 06/09/2003 - 16:00

Thanks All.

I need something for Unix platform, so Kiwi Syslog is of no use.

I knew the limitation with Fwlogwatch (only considers Deny), I will take a look at ReportGen. I was also considering LIRE (http://logreport.org/) however I haven't tested that as yet.

However all the above can't do RealTime analysis, but as recommended "swatch" will be able to provide that functionality.

Thanks again.

\\ Naman

