Cisco Support Community
Community Member

Firewall Log Analyzer

I was wondering if anyone has a recommendation on a good firewall log analyzer...that can analyze if there are attacks taking place, etc?

4 REPLIES

Re: Firewall Log Analyzer

MARS would be the number one choice if your firewall is from Cisco. Juniper also has a SIM now. This is from a previous post:

Have you looked at Cisco MARS? (It's actually a SEM)

http://www.cisco.com/en/US/products/ps6241/products_data_sheets_list.html

http://www.sawmill.net/features.html

(Found it to be pretty nice, but might be pricy)

If you want a real-time thing, fireplotter is pretty cool:

www.fireplotter.com

Alternates:

http://manageengine.adventnet.com/products/firewall/

(never tried it though)

http://www.eventid.net/firegen/firegenpix2.asp

(had serious performance issues)

Some more:

http://www.windowsecurity.com/software/Firewall-security-log-analyzers/

Please rate if helpful

Regards

Farrukh

Community Member

Re: Firewall Log Analyzer

What is a SEM? I've seen Cisco MARS at a demonstration, but it just strikes me as pricey, particularly when I know we will not be able to fully leverage its capabilities. I just need something that will analyze firewall logs for now. Will Cisco MARS allow incremental license purchases as needed?

Re: Firewall Log Analyzer

SEM = Security Event Management

SIM = Security Incident Management

STM = Security Threat Management (Cisco Marketing Word)

Cisco MARS is licensed on an EPS basis. EPS means Events per second. You can just go for the smallest model available. It is worth the price IMHO.

In ASA version 8.x there is a feature called threat detection that might also help you in this regard.

Regards

Farrukh
