bfflusek Thu, 05/11/2006 - 16:29

Just curious what you are looking to do with the logs. Right now I have an install of KiwiSyslog daemon running on a Windows system and it does a nice job of collecting the logs and archiving them off on a schedule for me. The problem is that they are just big text files and can be rather hard to do much with. Are you just needing to capture and archive them?


kerraj2004 Fri, 05/12/2006 - 12:22

Yes, I'm looking to capture and archive them so that in case we need to review the logs we're not left with a labor-intensive process to put them into a readable format. Is this basically what you are doing too?



bfflusek Fri, 05/12/2006 - 13:43

That is what we are doing. The problem comes down to the level of detail that you log and what you plan to do with it. If you are just looking to troubleshoot issues, then I don't think it is as big of a deal that they are big text files. Right now, with errors-level logging, I'm capturing about 30MB per day from some of my firewalls. If I up that to warning, it will go to 55-60MB/day. I had one at informational for a bit today and I got 30MB of logs in an hour. But, by going to informational, I got a key piece of information to help fix a problem. The files are just text syslog files and I've been opening them in NotePad on a Windows 2000 server where they get captured. Normally they would be going to a NetForensics system for analysis too, but it is currently down and awaiting an upgrade. If I had time, I would be looking at tools to help parse them for general use, but for troubleshooting they work fine as they are.

Does that help any?
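As an added illustration (not code from any poster in this thread): a small Python script that parses PIX/ASA-style syslog lines and totals lines and bytes per severity, so you can estimate what moving from errors (3) to warnings (4) or informational (6) would add to the daily archive, and which message ids dominate. The sample lines and the Kiwi-style "timestamp host message" layout are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample log (not real traffic); Cisco PIX/ASA message ids look like %PIX-<sev>-<id>.
SAMPLE_LOG = """\
2006-05-12 13:40:01 10.0.0.1 %PIX-3-106010: Deny inbound tcp src outside:198.51.100.7/4432 dst inside:10.0.0.50/445
2006-05-12 13:40:02 10.0.0.1 %PIX-6-302013: Built outbound TCP connection 10234 for outside:203.0.113.9/80 to inside:10.0.0.21/1120
2006-05-12 13:40:02 10.0.0.1 %PIX-4-106023: Deny udp src outside:198.51.100.9/53 dst inside:10.0.0.50/1025 by access-group "outside_in"
2006-05-12 13:40:03 10.0.0.1 %PIX-6-302014: Teardown TCP connection 10234 for outside:203.0.113.9/80 to inside:10.0.0.21/1120 duration 0:00:01 bytes 5120
2006-05-12 13:40:05 10.0.0.1 %PIX-2-106001: Inbound TCP connection denied from 198.51.100.7/4433 to 10.0.0.50/445 flags SYN on interface outside
2006-05-12 13:40:06 10.0.0.1 this line carries no firewall message id and is skipped
"""

# severity is a single digit 0-7 (0=emergencies ... 7=debugging); the id is six digits
MSG_RE = re.compile(r"%(?:PIX|ASA|FWSM)-(\d)-(\d{6}):\s*(.*)$")

def parse_line(line):
    """Return (severity, message_id, text) for one line, or None if no firewall message id is present."""
    m = MSG_RE.search(line)
    if not m:
        return None
    return int(m.group(1)), m.group(2), m.group(3)

def volume_by_severity(log_text):
    """Count lines and on-disk bytes per severity; lines without a message id are ignored."""
    lines, size = Counter(), Counter()
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        lines[parsed[0]] += 1
        size[parsed[0]] += len(raw.encode()) + 1  # +1 for the newline
    return lines, size

def bytes_at_level(log_text, level):
    """Bytes kept if the firewall logged at `level`: syslog levels nest, so level 4 keeps severities 0..4."""
    _, size = volume_by_severity(log_text)
    return sum(b for sev, b in size.items() if sev <= level)

def top_message_ids(log_text, n=3):
    """Most frequent message ids: the usual first cut when a file is too large to read by hand."""
    ids = Counter(p[1] for p in map(parse_line, log_text.splitlines()) if p)
    return ids.most_common(n)

if __name__ == "__main__":
    for level, name in ((3, "errors"), (4, "warnings"), (6, "informational")):
        print(f"{name:13s} (severity <= {level}): {bytes_at_level(SAMPLE_LOG, level)} bytes")
    print("top message ids:", top_message_ids(SAMPLE_LOG))
```

Point it at a real Kiwi archive by reading the file into `log_text`; the per-level totals give a direct answer to "what will warnings cost me per day" before you change the firewall's logging level.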


Chris_FWA Sun, 02/05/2012 - 05:20

I suggest you try ManageEngine Firewall Analyzer.

The product supports almost all the leading vendors in the industry. The product is segregated into three categories:

1. Traffic Statistics:

   This will give you the complete bandwidth information that was transacted throughout the network with multiple drill-down analyses such as Source, Destination, Protocol, Hits, Bytes Sent, Bytes Received etc. You can even do capacity planning and forecasting with the product.

2. Security Statistics:

   Security Statistics (Reports) will display all malicious events in your network. It will help you to know the various threats and attacks to the company from outside to inside and vice versa.

3. Management Statistics:

   This will help you to do audit and security configuration analysis, which includes change management and compliance reports. This will point out the loopholes of the network and assist you in fixing them.

Why Firewall Analyzer?

*Support for Firewall and security devices from multiple vendors

*Real-time bandwidth monitoring

*Employee internet usage with URL monitoring

*Real-time alerting

*Firewall Change Management reports

*Security Audit & Configuration Analysis reports

*Diagnose live connections

*Capability to view traffic trends and usage patterns (Capacity Planning)

*Powerful search for forensic and security analysis

*Multi-level drill down into top hosts, protocols, web sites and more

*Network security reports

*Firewall compliance reports

*Flexible and secured log data archiving

*Rebranding, User based views and dashboard for MSSP Support

and more

I recommend you evaluate the fully functional 30-day evaluation copy and check if it helps you to achieve your use case.



Firewall Analyzer

Edwin Summers Sun, 02/05/2012 - 05:55

I've used Splunk for logs and more. It has pretty powerful searching and event alerting functions that give you a lot of control over searching the data.

Good luck!


jyothydas Mon, 02/13/2012 - 21:27

Cost-wise, Event Log Analyser would be the best bet since it will read logs of servers, AD etc. too (instead of getting Firewall Analyzer).

ronrjenkins Thu, 03/15/2012 - 02:26

We also have Active Response System (ARS) that was released mid last year that ties nicely to Cisco ASAs for proactive blocking.

Our Global Threat Center site feeds from our ARS and IDS deployments, where we are blocking over 7400 IP addresses and growing daily on our firewall.

Thank you
