Realtime Log analyzer for PIX

mnlatif · ‎06-09-2003

Hi,

I am looking for a OpenSource\Free realtime log analyzer for PIX syslog messages.

Any recommendations ?

Regards \\ Naman

msitzman · ‎06-09-2003

You have a few *free* options. Ther eis always the Cisco Secure PIX Firewall Syslog server that you can download from CCO. Another windows based server is the Kiwi syslog server.

However, you can also use the standard unix syslog deamon and run swatch (http://swatch.sourceforge.net/) to parse your syslog files for pertinent events.

This is just one example of a way to analyze your log files. There are many more tools and scripts out there but anyhting free is going to take more setup resources. Compare what it would take to set something like this up to installing the CiscoWorks tool that has everything built-in for you...

Marcus

shannong · ‎06-09-2003

What do you mean by analye? If you want alerts about a specific message, use Kiwi syslog as it is very flexible and easy to configure for alerting. To analyze the syslog messages, I recommend Fwlogwatch and ReportGen. Both are *nix freeware apps that provide HTML reports of Pix syslog messages. FWlogwatch is only concerned with summarizing "Deny"s while ReportGen creates statistical reports based on "Built Inbound" and "Built Outbound" messages. Using all three of these tools together is provides a lot of useful information for "free".

mnlatif · ‎06-09-2003

Thanks All.

I need something for Unix platform, so Kiwi Syslog is of no use.

I knew the limitation with Fwlogwatch (only considers Deny), i will take a look at ReportGen. I was also considering LIRE (http://logreport.org/) however i haven't tested that as yet.

However all the above can't do RealTime analysis, but as recommended "swatch" will be able to provide that functionality.

Thanks again.

\\ Naman