Cisco Support Community
Community Member

Looking for ACL syslog analyzer

Hello,

Simple question, really. I'm looking for a simple, inexpensive syslog analyzer that will monitor acl deny messages, and output intrusion signature information.

Thanks,

Chris Ranch

3 REPLIES
Community Member

Re: Looking for ACL syslog analyzer

We're logging to a MS SQL Server v7 database, and then running sql scripts like

    SELECT DateTimeLocal, MessageText
    FROM Syslog
    WHERE DateTimeLocal LIKE 'Oct __ 2002%'
      AND MessageText LIKE '%Line protocol on Interface Ethernet0/1%'
    ORDER BY DateTimeLocal DESC;

to search for certain conditions. Make this a stored procedure, and then you can use the Web Assistant to output web pages at regular intervals for any condition that is logged to the table. We have a special web site that produces hourly reports - all network devices log to this database.

-Jeff

Community Member

Re: Looking for ACL syslog analyzer

Thanks Jeff, but that doesn't help. I have a Kiwi syslog server, and the reports I'm interested in are attack signatures based on acl deny messages. Something like Reportgen from RnR, but for acls, not PIX.

Thanks anyway.

Chris

Community Member

Re: Looking for ACL syslog analyzer

enter the world of swatch...

http://www.oit.ucsb.edu/~eta/swatch/

hope this helps... !!!
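
Added example, not part of any reply in this thread: a small Python pass over ACL deny syslog lines that groups denies by source and reports two simple patterns, one source denied on many ports of one host and one source denied on the same port across many hosts. The message layout (IOS `%SEC-6-IPACCESSLOGP`), the thresholds, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input (documentation address ranges), not real logs.
SAMPLE = (
    [f"Oct 14 09:01:0{i} rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp "
     f"192.0.2.10(4000{i}) -> 198.51.100.5({port}), 1 packet"
     for i, port in enumerate((21, 22, 23, 80, 443))]
    + [f"Oct 14 09:02:0{i} rtr1 %SEC-6-IPACCESSLOGP: list 101 denied udp "
       f"203.0.113.7(5353) -> 198.51.100.{i + 1}(161), 2 packets"
       for i in range(4)]
    + ["Oct 14 09:03:00 rtr1 %LINEPROTO-5-UPDOWN: Line protocol on Interface "
       "Ethernet0/1, changed state to up"]
)

# Assumed layout of a TCP/UDP ACL deny message; other message types are skipped.
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

def parse_denies(lines):
    """Return one dict per ACL deny line; non-matching lines are ignored."""
    return [m.groupdict() for m in map(ACL_RE.search, lines) if m]

def classify(lines, port_threshold=4, host_threshold=4):
    """Flag sources whose denies look like a port scan or a host sweep."""
    ports = defaultdict(set)  # (src, dst) -> distinct destination ports
    hosts = defaultdict(set)  # (src, proto, dport) -> distinct destinations
    for e in parse_denies(lines):
        ports[(e["src"], e["dst"])].add(int(e["dport"]))
        hosts[(e["src"], e["proto"], int(e["dport"]))].add(e["dst"])
    findings = []
    for (src, dst), seen in sorted(ports.items()):
        if len(seen) >= port_threshold:
            findings.append(("port-scan", src, f"{dst} ports {sorted(seen)}"))
    for (src, proto, dport), seen in sorted(hosts.items()):
        if len(seen) >= host_threshold:
            findings.append(("host-sweep", src, f"{proto}/{dport} on {len(seen)} hosts"))
    return findings

if __name__ == "__main__":
    for kind, src, detail in classify(SAMPLE):
        print(f"{kind:10} {src:15} {detail}")
```

The same function can be fed the lines of a syslog file written by the syslog server instead of `SAMPLE`; the thresholds need tuning to the site's normal deny volume.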
