Just curious what you are looking to do with the logs. Right now I have an install of KiwiSyslog daemon running on a Windows system and it does a nice job of collecting the logs and archiving them off on a schedule for me. The problem is that they are just big text files and can be rather hard to do much with. Are you just needing to capture and archive them?
Yes, I'm looking to capture and archive them so that in case we need to review the logs we are not left with a labor-intensive process to put them into a readable format. Is this basically what you are doing too?
That is what we are doing. The problem comes down to the level of detail that you log and what you plan to do with it. If you are just looking to troubleshoot issues, then I don't think it is as big of a deal that they are big text files. Right now, with errors level logging, I'm capturing about 30MB per day from some of my firewalls. If I up that to warning, it will go to 55-60MB/day. I had one at informational for a bit today and I got 30MB of logs in an hour. But, by going to informational, I got a key piece of information to help fix a problem. The files are just text syslog files and I've been opening them in NotePad on a Windows 2000 server where they get captured. Normally they would be going to a NetForensics system for analysis too, but it is currently down and awaiting an upgrade. If I had time, I would be looking at tools to help parse them for general use, but for troubleshooting they work fine as they are.
I suggest you try ManageEngine Firewall Analyzer.
The product supports almost all the leading vendors in the industry. The product is segregated into three categories, and they are:
1. Traffic Statistics:
This will give you the complete bandwidth information that was transacted throughout the network with multiple drill analysis such as Source, Destination, Protocol, Hits, Bytes Sent, Bytes Received etc. You can even do capacity planning and forecasting with the product.
2. Security Statistics:
Security Statistics (Reports) will display all malicious events in your network. It will help you to know the various threats and attacks to the company from outside to inside and vice versa.
3. Management Statistics:
This will help you to do audit and security configuration analysis, which includes change management and compliance reports. This will point out the loopholes of the network and assist you in fixing them.
Why Firewall Analyzer?
*Support for Firewall and security devices from multiple vendors
*Real-time bandwidth monitoring
*Employee internet usage with URL monitoring
*Firewall Change Management reports
*Security Audit & Configuration Analysis reports
*Diagnose live connections
*Capability to view traffic trends and usage patterns (Capacity Planning)
*Powerful search for forensic and security analysis
*Multi-level drill down into top hosts, protocols, web sites and more
*Network security reports
*Firewall compliance reports
*Flexible and secured log data archiving
*Rebranding, User based views and dashboard for MSSP Support