03-11-2010 06:44 AM - last edited on 03-25-2019 05:44 PM by ciscomoderator
Hey All,
I am in need of a working logfile analyzer for ASA and/or FWSM series log messages. I would prefer a Linux-based open source tool with the capabilities to highlight false logins and pipe the output into some kind of mail alert component. A huge plus would be the ability to parse Secure ACS output as well.
Thanks for reading
Roble
03-11-2010 06:57 AM
Check out http://www.rsyslog.com/
-KS
03-11-2010 07:07 AM
Hey KS,
Thanks for the quick answer. rsyslog looks like another log daemon, and my configuration with syslog-ng works out fine so far.
Maybe I overlooked something in the rsyslog docs, but I need a log parser, not a log daemon.
Roble
03-11-2010 07:13 AM
Sorry, my bad. Check this out: http://www.loganalysis.org/
We just use cat, grep, sed, awk and uniq to parse through syslogs.
-KS
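The grep/sed/uniq/awk approach mentioned in the reply above, applied to the failed-login requirement from the first post, as an added example that is not part of the original thread. It assumes syslog message IDs 605004 (login denied) and 113005 (AAA authentication rejected) in their usual text form and that FWSM uses the same numbering; the sample lines, the log path and the mail recipient are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): count failed logins in ASA/FWSM syslog.
LC_ALL=C; export LC_ALL

# Constructed sample input so the script runs offline.
sample_log() {
cat <<'EOF'
Mar 11 06:40:01 fw1 %ASA-6-605004: Login denied from 192.0.2.10/51234 to inside:10.0.0.1/ssh for user "admin"
Mar 11 06:40:05 fw1 %ASA-6-605004: Login denied from 192.0.2.10/51240 to inside:10.0.0.1/ssh for user "admin"
Mar 11 06:40:09 fw1 %ASA-6-605004: Login denied from 192.0.2.10/51246 to inside:10.0.0.1/ssh for user "admin"
Mar 11 06:41:00 fw1 %ASA-6-605004: Login denied from 198.51.100.7/40001 to outside:203.0.113.1/https for user "root"
Mar 11 06:42:10 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.1.1.5 : user = jdoe
Mar 11 06:42:30 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.1.1.5 : user = jdoe
Mar 11 06:43:00 fw1 %ASA-6-605005: Login permitted from 10.0.0.50/50000 to inside:10.0.0.1/ssh for user "netops"
Mar 11 06:43:05 fw1 %ASA-6-302013: Built inbound TCP connection 101 for outside:198.51.100.9/1025 to inside:10.0.0.20/80
EOF
}

# Reads syslog on stdin; prints one line per (source, user) pair whose
# failure count is at least $1 (default 1).
failed_logins() {
    # 1. keep only the two failure message IDs
    # 2. reduce each line to "<source> <user>" (113005 lines get source "aaa")
    # 3. count identical pairs, then filter on the threshold
    grep -E '%(ASA|FWSM)-[0-9]-(605004|113005):' |
    sed -E \
        -e 's#.*Login denied from ([0-9.]+)/[0-9]+ .* for user "([^"]*)".*#\1 \2#' \
        -e 's#.*AAA user authentication Rejected.*user = ([^ ]+).*#aaa \1#' |
    sort | uniq -c | sort -rn |
    awk -v min="${1:-1}" \
        '$1 >= min { printf "%s failures src=%s user=%s\n", $1, $2, $3 }'
}

# Demo run on the constructed sample, threshold of 2 failures.
sample_log | failed_logins 2

# Mail alert from cron (hypothetical log path and recipient):
#   out=$(failed_logins 5 < /var/log/asa.log)
#   [ -n "$out" ] && printf '%s\n' "$out" | mail -s "ASA failed logins" noc@example.com
```

Usernames containing spaces would split across awk fields, so adjust the field handling if the local user database allows them.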
03-11-2010 09:51 AM
Cisco MARS can also do it and run reports for you.
PK
03-12-2010 12:42 AM
Hey PK,
I would like a MARS, but unfortunately this solution is a bit oversized for the current demand. I actually found something which works pretty well, although it's a retail product.
http://www.manageengine.com/products/firewall/
Roble