Re: PIX 515 log analysis tools

drgnetwork · ‎06-16-2005

Due to volume level we are having to comply with the CPI regulations in order to continue to process credit cards.

I am looking for a PIX 515 log analysis tool. I have used the syslog conifguration before but the logs are so big they are useless without some form of tools to monitor it.

It would need to notify an admin in case of certain events.

Thanks in advance.

bparish · ‎06-16-2005

you can look into Cisco's SIM software/appliance

drgnetwork · ‎06-16-2005

This looks like overkill for monitoring a PIX. How much does it cost and how big a server does it need? I would most likely run it on Linux.

Thanks

eugene · ‎06-16-2005

Hi,

I am using Kivi Syslog Daemon. It runs uneder Windows, not Linux.

It can, howewer be setup to notify about certain patterns in Syslog strings.

drgnetwork · ‎06-17-2005

Thank you. I think this is more like what I was looking for.

ebeekman · ‎06-21-2005

You could also check this out...

http://jeremy.chartier.free.fr/snortalog/

It will generate a more graphical report of your log file (PIX, checkpoint, snort)

drgnetwork · ‎06-21-2005

Thank you. I didn't see e-mail notification. Does it support it?

jcotter · ‎06-21-2005

I was going through the same thing. We generate roughly 9 million syslog events a day through our PIX boxes and Kiwi wasn't cutting it. Have a look at the software from eiqnetworks. I've evaluated several products and this one looks to be the best for cost/performance.

http://www.eiqnetworks.com

Another one (lower end, cheaper cost) is RnR ReportGen. It's not bad, but not quite enough reporting in there for my tastes.

http://www.reportgen.com/index.php

If anyone else has tried some others I'd like to hear about them too - I'm still considering my options.

jasonhall · ‎06-21-2005

If you are already have the syslog data on a unix platform, you can use swatch (Simple Log Watcher) to notify you of events. This is the method I use.