02-05-2016 01:27 AM - edited 03-12-2019 12:14 AM
Hello, on the ASA interface there is a "permit any any" rule, and I need to create an ACL based on that log. Is anybody aware of any tool which can do it?
Many thanks for your advice.
Labels: NGFW Firewalls
Accepted Solutions
02-05-2016 07:46 AM
Can you please explain some more?
Do you want to see all connections and flows transiting the firewall?
If so, you can just turn your system logging up to level 6 (informational). All TCP connections, UDP and ICMP flows will then create a syslog message that you can see either in the logging buffer, ASDM log screen or on any third party syslog server destination you have defined.
The log messages are just plain text records, so you can parse and analyze them on your external syslog server using anything from simple text sorting, to *nix tools like grep and sed, to the capabilities of a commercial syslog analyzer like Kiwi Syslog analyzer. You can also use the capability built into a full-featured network management tool like Cisco Prime Infrastructure or SolarWinds NPM.
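To illustrate the parsing approach this answer describes, here is an added Python example; it is not from the original thread or from any Cisco or third-party tool. It reads ASA level-6 302013 (TCP) and 302015 (UDP) "Built ... connection" messages, counts distinct flows per source interface, and prints candidate `access-list` lines. The log lines are constructed samples written to the documented message text, and the `<interface>_in` ACL naming and the `min_hits` threshold are assumptions for illustration only.

```python
"""Aggregate ASA 'Built ... connection' syslogs into candidate ACL lines (added example)."""
import re
from collections import Counter, defaultdict
from typing import Counter as CounterT, Dict, Iterable, List, Tuple

# Assumption: the standard 302013/302015 message text, e.g.
#   %ASA-6-302013: Built outbound TCP connection 4411 for inside:10.1.1.5/50122
#   (10.1.1.5/50122) to outside:192.0.2.10/443 (192.0.2.10/443)
# The first address on each side is the real (pre-NAT) address, which is what
# ASA 8.3+ ACLs match on; the parenthesised one is the mapped address and is ignored.
CONN_RE = re.compile(
    r"%ASA-6-30201[35]: Built (?:inbound|outbound) (?P<proto>TCP|UDP) connection \d+ "
    r"for (?P<src_if>[\w-]+):(?P<src>[\d.]+)/\d+ \([\d.]+/\d+\) "
    r"to (?P<dst_if>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+) \([\d.]+/\d+\)"
)

# Constructed sample log (not captured from a real device).
SAMPLE_LOG = """\
Feb  5 2016 01:10:01 fw1 : %ASA-6-302013: Built outbound TCP connection 4411 for inside:10.1.1.5/50122 (10.1.1.5/50122) to outside:192.0.2.10/443 (192.0.2.10/443)
Feb  5 2016 01:10:02 fw1 : %ASA-6-302014: Teardown TCP connection 4411 for inside:10.1.1.5/50122 to outside:192.0.2.10/443 duration 0:00:01 bytes 2310 TCP FINs
Feb  5 2016 01:10:05 fw1 : %ASA-6-302013: Built outbound TCP connection 4412 for inside:10.1.1.6/50123 (10.1.1.6/50123) to outside:192.0.2.10/443 (192.0.2.10/443)
Feb  5 2016 01:10:09 fw1 : %ASA-6-302015: Built outbound UDP connection 4413 for inside:10.1.1.5/53111 (10.1.1.5/53111) to dmz:10.2.2.53/53 (10.2.2.53/53)
Feb  5 2016 01:10:11 fw1 : %ASA-6-302013: Built inbound TCP connection 4414 for outside:198.51.100.7/41000 (198.51.100.7/41000) to dmz:10.2.2.80/80 (10.2.2.80/80)
Feb  5 2016 01:10:12 fw1 : %ASA-6-302013: Built outbound TCP connection 4415 for inside:10.1.1.5/50124 (10.1.1.5/50124) to outside:192.0.2.10/443 (192.0.2.10/443)
"""

# A flow is keyed by (source interface, protocol, source IP, destination IP, destination port).
Flow = Tuple[str, str, str, str, int]


def parse_flows(lines: Iterable[str]) -> CounterT:
    """Count how often each (src_if, proto, src, dst, dport) flow was built.
    Lines that are not Built messages (teardowns, denies, other IDs) are skipped."""
    flows: CounterT = Counter()
    for line in lines:
        m = CONN_RE.search(line)
        if not m:
            continue
        key: Flow = (m["src_if"], m["proto"].lower(), m["src"], m["dst"], int(m["dport"]))
        flows[key] += 1
    return flows


def acl_lines(flows: CounterT, min_hits: int = 1) -> List[str]:
    """Render one host-to-host ACE per flow seen at least min_hits times.
    Assumption: the ACL applied inbound on each interface is named <interface>_in."""
    out = []
    for (src_if, proto, src, dst, dport), hits in sorted(flows.items()):
        if hits < min_hits:
            continue
        out.append(f"access-list {src_if}_in extended permit {proto} host {src} host {dst} eq {dport}")
    return out


def by_service(flows: CounterT) -> Dict[Tuple[str, str, str, int], List[str]]:
    """Group source hosts by (src_if, proto, dst, dport) so that sources reaching the
    same service can be collapsed into one object-group instead of one ACE each."""
    groups: Dict[Tuple[str, str, str, int], set] = defaultdict(set)
    for (src_if, proto, src, dst, dport) in flows:
        groups[(src_if, proto, dst, dport)].add(src)
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    seen = parse_flows(SAMPLE_LOG.splitlines())
    for ace in acl_lines(seen):
        print(ace)
    for (src_if, proto, dst, dport), sources in sorted(by_service(seen).items()):
        print(f"# {src_if} -> {proto}/{dst}:{dport} reached by {', '.join(sources)}")
```

Feed it a text export of the syslog (`python3 asa_flows.py < asa.log` after replacing `SAMPLE_LOG` with `sys.stdin`) and review the output before applying anything: raise `min_hits` to drop one-off connections you do not want to legitimise, collapse the `by_service` groups into `object-group network` entries, and note that ICMP flows (message 302020) carry no interface names and are not handled here, so those still need to be reviewed by hand.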
02-07-2016 02:21 AM
Hello Marvin,
We have 4 interfaces, where the last ACL rule is "permit any any (level 6)", and those logs are sent to a syslog server. So yes, what I did was use grep/pipe and Excel to create the flows from the logs.
I was asking if there is any tool, but I believe there is not. AlgoSec/Tufin can do it, as Ji Won mentioned, but they analyse the flows online. I have a txt file and have to extract it from that.
Thank you

02-05-2016 08:41 PM
Hi,
There are a few tools available for your need, though none of them is free, as this is one critical piece that lots of security admins want to address.
The one I've used is called AFA (AlgoSec Firewall Analyzer), with a feature called Intelligent Policy Tuning (there are FireMon and Tufin as well). You have to connect this appliance to the FW and send specific logs to the appliance, so that the appliance will give you tighter rules and objects instead of any any.
Hope this helps.
Thanks
