Cisco Support Community
New Member

Firewall Log Management Software

Can anyone recommend any firewall log management software that is proven?

New Member

Re: Firewall Log Management Software


Just curious what you are looking to do with the logs. Right now I have an install of KiwiSyslog daemon running on a Windows system and it does a nice job of collecting the logs and archiving them off on a schedule for me. The problem is that they are just big text files and can be rather hard to do much with. Are you just needing to capture and archive them?


New Member

Re: Firewall Log Management Software


Yes, I'm looking to capture and archive them so that in case we need to review the logs we are not left with a labor-intensive process to put them into a readable format. Is this basically what you are doing too?



New Member

Re: Firewall Log Management Software

That is what we are doing. The problem comes down to the level of detail that you log and what you plan to do with it. If you are just looking to troubleshoot issues, then I don't think it is as big of a deal that they are big text files. Right now, with errors level logging, I'm capturing about 30MB per day from some of my firewalls. If I up that to warning, it will go to 55-60MB/day. I had one at informational for a bit today and I got 30MB of logs in an hour. But, by going to informational, I got a key piece of information to help fix a problem. The files are just text syslog files and I've been opening them in NotePad on a Windows 2000 server where they get captured. Normally they would be going to a NetForensics system for analysis too, but it is currently down and awaiting an upgrade. If I had time, I would be looking at tools to help parse them for general use, but for troubleshooting they work fine as they are.

Does that help any?


New Member

Firewall Log Management Software


I suggest you try ManageEngine Firewall Analyzer.

The product supports almost all the leading vendors in the industry. The product is segregated into three categories, and they are:




1. Traffic Statistics:

      This will give you the complete bandwidth information that was transacted throughout the network with multiple drill analysis such as Source, Destination, Protocol, Hits, Bytes Sent, Bytes Received etc. You can even do capacity planning and forecasting with the product.

2. Security Statistics:

       Security Statistics (Reports) will display all malicious events in your network. It will help you to know the various threats and attacks to the company from outside to inside and vice versa.

3. Management Statistics:

       This will help you to do audit and security configuration analysis, which includes change management and compliance reports. This will point out the loopholes of the network and assist you to fix them.

Why Firewall Analyzer?

* Support for Firewall and security devices from multiple vendors
* Real-time bandwidth monitoring
* Employee internet usage with URL monitoring
* Real-time alerting
* Firewall Change Management reports
* Security Audit & Configuration Analysis reports
* Diagnose live connections
* Capability to view traffic trends and usage patterns (Capacity Planning)
* Powerful search for forensic and security analysis
* Multi-level drill down into top hosts, protocols, web sites and more
* Network security reports
* Firewall compliance reports
* Flexible and secured log data archiving
* Rebranding, User based views and dashboard for MSSP Support

and more

I recommend you evaluate the fully functional 30-day evaluation copy and check if it helps you to achieve your use case.



Firewall Analyzer

Firewall Log Management Software

I've used Splunk for logs and more. It has pretty powerful searching and event alerting functions that give you a lot of control over searching the data.

Good luck!


New Member

Firewall Log Management Software

Cost-wise, Event Log Analyser would be the best bet since it will read logs of servers, AD etc. too (instead of getting Firewall Analyzer).

New Member

Firewall Log Management Software

Good morning

You may want to look at Log Siphon. We released it back in Jan and there have been three releases since then.

Thank you

New Member

Firewall Log Management Software

We also have Active Response System (ARS) that was released mid last year that ties nicely to Cisco's ASAs for proactive blocking.

Our Global Threat Center site feeds from our ARS and IDS deployments, where we are blocking over 7400 IP addresses and growing daily on our firewall.

Thank you