https://community.cisco.com/t5/network-security/ids-logging-and-linux/m-p/337072#M96468 <HTML><HEAD></HEAD><BODY><P>I have configured the logging facielities of PIX Firewall so the firewall can write log messages (alarms and info) om my Slack10.1 server usins linux syslog.</P><P>Yesterday I tryed an open source log analyzer, fwanalog, it seems to be a good choice.</P><P>If someone else is interested in</P><P> <A class="jive-link-custom" href="http://tud.at/programm/fwanalog/" target="_blank">http://tud.at/programm/fwanalog/</A></P><P></P><P>Tks for the answer</P><P>Giovanni</P></BODY></HTML> Fri, 15 Apr 2005 06:21:27 GMT giovanni.mellini 2005-04-15T06:21:27Z https://community.cisco.com/t5/network-security/ids-logging-and-linux/m-p/337070#M96465 <P>Hi all.</P><P>I have an IDS configured on a PIX515e. </P><P>Information messages and Alarm messages generated generated from PIX are logged in a Linux box.</P><P>I appreciate any suggestion about some Linux tool that I can use to parse this log.</P><P>Tks in advance</P><P>Giovanni</P> Sun, 10 Mar 2019 09:23:39 GMT https://community.cisco.com/t5/network-security/ids-logging-and-linux/m-p/337070#M96465 giovanni.mellini 2019-03-10T09:23:39Z https://community.cisco.com/t5/network-security/ids-logging-and-linux/m-p/337071#M96467 <HTML><HEAD></HEAD><BODY><P>Hi Giovanni</P><P></P><P>what do u mean by linux box here, that meant Linux OS is running on IDS appliance.</P><P></P><P>Do you have VMS or IDM ?</P><P></P><P></P></BODY></HTML> Thu, 14 Apr 2005 08:52:37 GMT https://community.cisco.com/t5/network-security/ids-logging-and-linux/m-p/337071#M96467 akhan2004 2005-04-14T08:52:37Z https://community.cisco.com/t5/network-security/ids-logging-and-linux/m-p/337072#M96468 <HTML><HEAD></HEAD><BODY><P>I have configured the logging facielities of PIX Firewall so the firewall can write log messages (alarms and info) om my Slack10.1 server usins linux syslog.</P><P>Yesterday I tryed an open source log analyzer, fwanalog, it seems to be a good choice.</P><P>If someone else is interested in</P><P> <A class="jive-link-custom" href="http://tud.at/programm/fwanalog/" target="_blank">http://tud.at/programm/fwanalog/</A></P><P></P><P>Tks for the answer</P><P>Giovanni</P></BODY></HTML> Fri, 15 Apr 2005 06:21:27 GMT https://community.cisco.com/t5/network-security/ids-logging-and-linux/m-p/337072#M96468 giovanni.mellini 2005-04-15T06:21:27Z https://community.cisco.com/t5/network-security/ids-logging-and-linux/m-p/337073#M96470 <HTML><HEAD></HEAD><BODY><P>I have not read this entire paper myself but when I saw your question regarding the analysis of Cisco logs, I though that you could do with all of the information you can get your hands on. </P><P></P><P>Take a look at this URL and let me know if it helps you in anyway.</P><P></P><P><A class="jive-link-custom" href="http://www.networkingunlimited.com/white007.html" target="_blank">http://www.networkingunlimited.com/white007.html</A></P><P></P></BODY></HTML> Fri, 15 Apr 2005 08:21:24 GMT https://community.cisco.com/t5/network-security/ids-logging-and-linux/m-p/337073#M96470 darin.marais 2005-04-15T08:21:24Z https://community.cisco.com/t5/network-security/ids-logging-and-linux/m-p/337074#M96471 <HTML><HEAD></HEAD><BODY><P>The paper focus on router logs, and I'm interested in PIX logs, but there is some useful information.</P><P>Also if I have found a good graphical analyzer (fwanalog), I started to write a shell-based pix log analyzer today.</P><P>The primary intent of this analyzer is to help me for a more accurated tuning of ACL in my PIX, according to</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1830/products_feature_guide_chapter09186a00800881c0.html" target="_blank">http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1830/products_feature_guide_chapter09186a00800881c0.html</A></P><P>and then prevent false positives that can occour.</P><P>The report generated must take information about attack only logs, and then generate some stats (eg. source and dest ip, source and dest interface...), so I can create a more accurated ACL on my signature.</P><P>I'll post some news about.</P><P>Tks </P></BODY></HTML> Fri, 15 Apr 2005 09:18:09 GMT https://community.cisco.com/t5/network-security/ids-logging-and-linux/m-p/337074#M96471 giovanni.mellini 2005-04-15T09:18:09Z