IDS logging and Linux

Hi all.

I have an IDS configured on a PIX515e.

Information messages and alarm messages generated by the PIX are logged on a Linux box.

I appreciate any suggestion about some Linux tool that I can use to parse this log.

Tks in advance

Giovanni

4 Replies

akhan2004
Level 1

Hi Giovanni

What do you mean by Linux box here? Does that mean a Linux OS is running on the IDS appliance?

Do you have VMS or IDM ?

I have configured the logging facilities of the PIX Firewall so the firewall can write log messages (alarms and info) on my Slack10.1 server using Linux syslog.

Yesterday I tried an open source log analyzer, fwanalog; it seems to be a good choice.

If someone else is interested in it:

http://tud.at/programm/fwanalog/

Tks for the answer

Giovanni

I have not read this entire paper myself, but when I saw your question regarding the analysis of Cisco logs, I thought that you could do with all of the information you can get your hands on.

Take a look at this URL and let me know if it helps you in any way.

http://www.networkingunlimited.com/white007.html

The paper focuses on router logs, and I'm interested in PIX logs, but there is some useful information.

Also, even though I have found a good graphical analyzer (fwanalog), I started to write a shell-based PIX log analyzer today.

The primary intent of this analyzer is to help me with a more accurate tuning of the ACLs in my PIX, according to

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1830/products_feature_guide_chapter09186a00800881c0.html

and then prevent false positives that can occur.

The report generated must take information from attack-only logs, and then generate some stats (e.g. source and dest IP, source and dest interface...), so I can create a more accurate ACL on my signature.

I'll post some news about it.

Tks
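As an added example (not code from this thread, from fwanalog, or from Cisco), here is a small Python analyzer that does what the last post describes: it picks the IDS alarm messages out of a syslog file, ignores the informational lines, and tallies hits by signature, source and destination IP, and interface, so that signatures firing repeatedly for a known host pair can be reviewed for an exclusion ACL instead of being ignored wholesale. The sample lines are constructed; they assume the syslog daemon writes the PIX message body after the usual timestamp and hostname, and that IDS messages have the "IDS:<signature> <description> from <src> to <dst> on interface <name>" shape. The signature numbers and addresses are made-up sample data.

```python
import re
from collections import Counter

# Constructed sample log in the shape a Linux syslog daemon writes PIX messages
# (timestamp, host, then the %PIX-<severity>-<msgid> body). Signature numbers,
# addresses and interface names are made-up sample data, not from the thread.
SAMPLE_LOG = """\
Jun 14 10:01:02 pix1 %PIX-4-400013: IDS:2003 ICMP redirect from 10.1.1.1 to 10.2.2.2 on interface outside
Jun 14 10:01:05 pix1 %PIX-4-400013: IDS:2003 ICMP redirect from 10.1.1.1 to 10.2.2.2 on interface outside
Jun 14 10:01:09 pix1 %PIX-4-400023: IDS:2150 ICMP fragment from 192.0.2.7 to 10.2.2.2 on interface outside
Jun 14 10:02:00 pix1 %PIX-6-302013: Built inbound TCP connection 4711 for outside:192.0.2.9/40001 (192.0.2.9/40001) to inside:10.2.2.2/25 (10.2.2.2/25)
Jun 14 10:02:30 pix1 %PIX-4-400010: IDS:2000 ICMP echo reply from 10.2.2.2 to 10.1.1.1 on interface inside
"""

# Assumed layout of a PIX IDS alarm line; anything that does not match is
# treated as an informational message and skipped rather than guessed at.
IDS_RE = re.compile(
    r"%PIX-(?P<sev>\d)-(?P<msgid>\d{6}): IDS:(?P<sig>\d+) (?P<desc>.+?) "
    r"from (?P<src>\S+) to (?P<dst>\S+) on interface (?P<iface>\S+)"
)


def parse_ids_line(line):
    """Return the fields of one PIX IDS message as a dict, or None for any other line."""
    m = IDS_RE.search(line)
    return m.groupdict() if m else None


def summarize(lines):
    """Count IDS hits per signature, source, destination, interface and (sig, src, dst, iface)."""
    stats = {
        "total": 0,
        "skipped": 0,
        "signature": Counter(),
        "src": Counter(),
        "dst": Counter(),
        "iface": Counter(),
        "pair": Counter(),
    }
    for line in lines:
        rec = parse_ids_line(line)
        if rec is None:
            stats["skipped"] += 1  # informational / non-IDS syslog line
            continue
        stats["total"] += 1
        stats["signature"][f"{rec['sig']} {rec['desc']}"] += 1
        stats["src"][rec["src"]] += 1
        stats["dst"][rec["dst"]] += 1
        stats["iface"][rec["iface"]] += 1
        stats["pair"][(rec["sig"], rec["src"], rec["dst"], rec["iface"])] += 1
    return stats


def repeat_offenders(stats, min_hits=2):
    """(sig, src, dst, iface) tuples seen at least min_hits times: the candidates to
    review when deciding whether a signature needs an exclusion ACL for a known host."""
    return sorted(k for k, n in stats["pair"].items() if n >= min_hits)


def report(stats):
    """Plain-text report with the per-field counts, most frequent first."""
    out = [f"IDS messages: {stats['total']} (other syslog lines skipped: {stats['skipped']})"]
    for name in ("signature", "src", "dst", "iface"):
        out.append(f"-- by {name} --")
        for key, n in stats[name].most_common():
            out.append(f"{n:6d}  {key}")
    out.append("-- repeated (sig, src, dst, iface) --")
    for k in repeat_offenders(stats):
        out.append("        " + " ".join(k))
    return "\n".join(out)


if __name__ == "__main__":
    import sys
    # Usage: python pix_ids_stats.py /var/log/pix.log   (defaults to the sample above)
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    print(report(summarize(source)))
```

The regex deliberately refuses anything that is not an IDS alarm, so a count of skipped lines that is unexpectedly high is itself a hint that the log format differs from what the parser assumes (for example a different syslog prefix), rather than silently producing empty statistics.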
