https://community.cisco.com/t5/network-security/asa-log-analyzer/m-p/2793953#M172851 <P>Can you please explain some more?</P> <P>Do you want to see all connections and flows transiting the firewall?</P> <P>If so, you can just turn your system logging up to level 6 (informational). All TCP connections, UDP and ICMP flows will then create a syslog message that you can see either in the logging buffer, ASDM log screen or on any third party syslog server destination you have defined.</P> <P>The log messages are just plain text records so you can parse and analyze them on your external syslog server using anything from simple text sorting, to *nix tools like grep and sed, to the capabilities of a commercial syslog analyzer like Kiwi syslog analyzer. You can also use the capability built into a fuill feature network management tool like Cisco Prime Infrastructure or Solarwinds NPM. &nbsp;</P> Fri, 05 Feb 2016 15:46:27 GMT Marvin Rhoads 2016-02-05T15:46:27Z https://community.cisco.com/t5/network-security/asa-log-analyzer/m-p/2793952#M172849 <P>Hello, on ASA interface is "permit any any" rule, and I need to create ACL based on that log. Is anybody aware about any tool which can do it?</P> <P>Many thanks for advice</P> Tue, 12 Mar 2019 07:14:39 GMT https://community.cisco.com/t5/network-security/asa-log-analyzer/m-p/2793952#M172849 Michal Valach 2019-03-12T07:14:39Z https://community.cisco.com/t5/network-security/asa-log-analyzer/m-p/2793953#M172851 <P>Can you please explain some more?</P> <P>Do you want to see all connections and flows transiting the firewall?</P> <P>If so, you can just turn your system logging up to level 6 (informational). All TCP connections, UDP and ICMP flows will then create a syslog message that you can see either in the logging buffer, ASDM log screen or on any third party syslog server destination you have defined.</P> <P>The log messages are just plain text records so you can parse and analyze them on your external syslog server using anything from simple text sorting, to *nix tools like grep and sed, to the capabilities of a commercial syslog analyzer like Kiwi syslog analyzer. You can also use the capability built into a fuill feature network management tool like Cisco Prime Infrastructure or Solarwinds NPM. &nbsp;</P> Fri, 05 Feb 2016 15:46:27 GMT https://community.cisco.com/t5/network-security/asa-log-analyzer/m-p/2793953#M172851 Marvin Rhoads 2016-02-05T15:46:27Z https://community.cisco.com/t5/network-security/asa-log-analyzer/m-p/2793954#M172853 <P>Hi,</P> <P>There are a few tools available for your need, none of them is free though as this is one critical piece that lots of security admins want to address.</P> <P>The one I've used is called AFA (AlgoSec Firewall Analyzer) featured called Intelligent Policy Tuning (there are FireMON, Tuffin as well) You have to connect this appliance to the FW and send specific logs to the appliance so that the appliance will give you more tighter rules and objects instead of any any.</P> <P>Hope this helps.</P> <P>Thanks</P> Sat, 06 Feb 2016 04:41:27 GMT https://community.cisco.com/t5/network-security/asa-log-analyzer/m-p/2793954#M172853 Ji-Won Park 2016-02-06T04:41:27Z https://community.cisco.com/t5/network-security/asa-log-analyzer/m-p/2793955#M172854 <P>Hello Marvin,</P> <P>We have 4 interfaces, were last ACL rule is " permit any any ( level 6)", and those logs are sent to some syslog. So yes what I did was usign grep/pipe and excel to create flow from the logs.</P> <P>I was asking if there is any tool, but I believe there is not. Algosec/Tufin can do it as Ji Won mentioned it, but they are analysing flow online. But I have txt file and have to extract it.</P> <P>Thank you</P> <P></P> Sun, 07 Feb 2016 10:21:12 GMT https://community.cisco.com/t5/network-security/asa-log-analyzer/m-p/2793955#M172854 Michal Valach 2016-02-07T10:21:12Z