We're logging to a MS SQL Server v7 database, and then running sql scripts like
SELECT DateTimeLocal, MessageText
FROM SyslogTable  -- placeholder name; the post does not give the table name
WHERE DateTimeLocal LIKE 'Oct __ 2002%' AND MessageText LIKE '%Line protocol on Interface Ethernet0/1%'
ORDER BY DateTimeLocal DESC;
to search for certain conditions. Make this a stored procedure, and then you can use the Web Assistant to output web pages at regular intervals for any condition that is logged to the table. We have a special web site that produces hourly reports - all network devices log to this database.
Thanks Jeff, but that doesn't help. I have a Kiwi syslog server, and the reports I'm interested in are attack signatures based on acl deny messages. Something like Reportgen from RnR, but for acls, not PIX.
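An added example, not part of the thread: one way to turn ACL deny rows pulled from such a table into a per-source report. It assumes Cisco IOS %SEC-6-IPACCESSLOGP text in the MessageText column; the sample rows, function names and the three-port threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout: Cisco IOS extended-ACL log message (%SEC-6-IPACCESSLOGP).
DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)
MSG = "%SEC-6-IPACCESSLOGP: list 101 denied "

# Constructed rows (DateTimeLocal, MessageText); addresses are documentation ranges.
SAMPLE_ROWS = [
    ("Oct 14 2002 09:01:11", MSG + "tcp 192.0.2.10(1025) -> 198.51.100.5(21), 1 packet"),
    ("Oct 14 2002 09:01:12", MSG + "tcp 192.0.2.10(1026) -> 198.51.100.5(23), 1 packet"),
    ("Oct 14 2002 09:01:13", MSG + "tcp 192.0.2.10(1027) -> 198.51.100.5(25), 1 packet"),
    ("Oct 14 2002 09:06:13", MSG + "tcp 192.0.2.10(1028) -> 198.51.100.5(80), 3 packets"),
    ("Oct 14 2002 09:10:40", MSG + "udp 203.0.113.7(4000) -> 198.51.100.9(161), 12 packets"),
    ("Oct 14 2002 09:11:02", "%LINEPROTO-5-UPDOWN: Line protocol on Interface "
                             "Ethernet0/1, changed state to down"),
]

def summarize_denies(rows):
    """Aggregate denies per source: packet total, distinct targets, distinct ports."""
    stats = defaultdict(lambda: {"packets": 0, "dsts": set(), "ports": set()})
    for _when, text in rows:
        m = DENY_RE.search(text)
        if not m:
            continue  # not an ACL deny, e.g. a link up/down message
        s = stats[m["src"]]
        s["packets"] += int(m["count"])
        s["dsts"].add(m["dst"])
        s["ports"].add((m["proto"], int(m["dport"])))
    return stats

def flag_sweeps(stats, min_ports=3):
    """Sources denied on at least min_ports distinct destination ports."""
    return sorted(src for src, s in stats.items() if len(s["ports"]) >= min_ports)

if __name__ == "__main__":
    report = summarize_denies(SAMPLE_ROWS)
    for src, s in sorted(report.items()):
        print(src, "packets:", s["packets"], "targets:", len(s["dsts"]),
              "ports:", len(s["ports"]))
    print("possible port sweeps:", flag_sweeps(report))
```

The rows can come from the same SELECT used for the hourly reports, filtered with a LIKE on the deny message text.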
We have configured the outside and inside Interface with official IPv6 addresses, set a default route on outside Interface to our router, we also have defined a rule, which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...