04-13-2005 01:02 AM - edited 03-10-2019 01:23 AM
Hi all.
I have an IDS configured on a PIX515e.
Information messages and alarm messages generated by the PIX are logged on a Linux box.
I would appreciate any suggestion about a Linux tool that I can use to parse this log.
Tks in advance
Giovanni
04-14-2005 01:52 AM
Hi Giovanni
What do you mean by Linux box here? Does that mean the Linux OS is running on the IDS appliance?
Do you have VMS or IDM ?
04-14-2005 11:21 PM
I have configured the logging facilities of the PIX Firewall so the firewall can write log messages (alarms and info) on my Slack 10.1 server using Linux syslog.
Yesterday I tried an open source log analyzer, fwanalog; it seems to be a good choice.
If someone else is interested:
http://tud.at/programm/fwanalog/
Tks for the answer
Giovanni
04-15-2005 01:21 AM
I have not read this entire paper myself, but when I saw your question regarding the analysis of Cisco logs, I thought that you could do with all of the information you can get your hands on.
Take a look at this URL and let me know if it helps you in any way.
04-15-2005 02:18 AM
The paper focuses on router logs, and I'm interested in PIX logs, but there is some useful information.
Even though I have found a good graphical analyzer (fwanalog), I started to write a shell-based PIX log analyzer today.
The primary intent of this analyzer is to help me with a more accurate tuning of the ACLs in my PIX, according to
and then prevent false positives that can occur.
The report generated must take information from attack-only logs and then generate some stats (e.g. source and dest IP, source and dest interface...), so I can create a more accurate ACL on my signature.
I'll post some news about it.
Tks
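Added illustration, not Giovanni's script: a minimal shell/awk analyzer of the kind described above. It assumes the PIX IDS alarms arrive through syslog in the documented "%PIX-4-4000nn: IDS:<sigid> ... from <src> to <dst> on interface <ifname>" form; the log lines below are constructed samples, and the host name and addresses are placeholders.

```shell
#!/bin/sh
# Constructed sample of what syslog on the Linux box stores: PIX IDS alarms
# (message IDs 400000-400050) mixed with ordinary connection messages.
SAMPLE_LOG=$(cat <<'EOF'
Apr 15 01:21:07 pix01 %PIX-4-400014: IDS:2004 ICMP echo request from 192.0.2.10 to 10.0.0.5 on interface outside
Apr 15 01:21:08 pix01 %PIX-6-302013: Built inbound TCP connection 12345 for outside:192.0.2.10/4321 (192.0.2.10/4321) to inside:10.0.0.5/80 (10.0.0.5/80)
Apr 15 01:21:09 pix01 %PIX-4-400014: IDS:2004 ICMP echo request from 192.0.2.10 to 10.0.0.6 on interface outside
Apr 15 01:21:10 pix01 %PIX-4-400013: IDS:2003 ICMP redirect from 198.51.100.7 to 10.0.0.5 on interface outside
Apr 15 01:21:11 pix01 %PIX-4-400014: IDS:2004 ICMP echo request from 10.0.0.9 to 10.0.0.5 on interface inside
EOF
)

# Keep only the IDS (signature) alarm lines and reduce each one to
# "sigid src dst interface"; everything else in the syslog file is dropped.
ids_events() {
    grep -E '%PIX-[0-9]-4000[0-9]{2}: IDS:' |
    sed -E 's/.*IDS:([0-9]+) .* from ([0-9.]+) to ([0-9.]+) on interface ([^ ]+).*/\1 \2 \3 \4/'
}

# Count alarms per (signature, source, interface), most frequent first.
# A source that tops this list on the inside interface is a likely false
# positive (e.g. a monitoring host pinging), a candidate for an ACL exception.
ids_summary() {
    ids_events |
    awk '{ key = $1 " " $2 " " $4; n[key]++ } END { for (k in n) print n[k], k }' |
    sort -rn
}

# Usage against the real file (path is an assumption):
#   ids_summary < /var/log/messages
# Against the constructed sample:
#   printf '%s\n' "$SAMPLE_LOG" | ids_summary
```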