06-16-2005 10:13 AM - edited 02-21-2020 12:12 AM
Due to volume level we are having to comply with the CPI regulations in order to continue to process credit cards.
I am looking for a PIX 515 log analysis tool. I have used the syslog configuration before, but the logs are so big they are useless without some form of tool to monitor them.
It would need to notify an admin in case of certain events.
Thanks in advance.
06-16-2005 10:50 AM
You can look into Cisco's SIM software/appliance.
06-16-2005 01:38 PM
This looks like overkill for monitoring a PIX. How much does it cost and how big a server does it need? I would most likely run it on Linux.
Thanks
06-16-2005 09:02 PM
Hi,
I am using Kiwi Syslog Daemon. It runs under Windows, not Linux.
It can, however, be set up to notify about certain patterns in Syslog strings.
06-17-2005 05:42 AM
Thank you. I think this is more like what I was looking for.
06-21-2005 03:53 AM
You could also check this out...
http://jeremy.chartier.free.fr/snortalog/
It will generate a more graphical report of your log file (PIX, checkpoint, snort)
06-21-2005 05:27 AM
Thank you. I didn't see e-mail notification. Does it support it?
06-21-2005 05:13 AM
I was going through the same thing. We generate roughly 9 million syslog events a day through our PIX boxes and Kiwi wasn't cutting it. Have a look at the software from eiqnetworks. I've evaluated several products and this one looks to be the best for cost/performance.
Another one (lower end, cheaper cost) is RnR ReportGen. It's not bad, but not quite enough reporting in there for my tastes.
http://www.reportgen.com/index.php
If anyone else has tried some others I'd like to hear about them too - I'm still considering my options.
06-21-2005 06:48 AM
If you already have the syslog data on a unix platform, you can use swatch (Simple Log Watcher) to notify you of events. This is the method I use.
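A sketch of the watch-and-notify approach discussed in this thread, added here as an illustration and not taken from any poster or from the tools named: it matches selected PIX message IDs and raises one alert per burst, so a high-volume log does not flood the admin. The rule set, thresholds, 60-second window, default year and sample log lines are all assumptions made for the example; delivery (e-mail, pager) is left to the caller.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in PIX syslog format (addresses are documentation ranges).
SAMPLE = """\
Jun 21 06:40:01 fw1 %PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.0.0.5/3321 (203.0.113.2/3321)
Jun 21 06:40:02 fw1 %PIX-4-106023: Deny tcp src outside:198.51.100.9/4411 dst inside:10.0.0.20/1433 by access-group "outside_in"
Jun 21 06:40:03 fw1 %PIX-6-605004: Login denied from 198.51.100.9/4502 to outside:203.0.113.2/ssh for user "admin"
Jun 21 06:40:10 fw1 %PIX-6-605004: Login denied from 198.51.100.9/4510 to outside:203.0.113.2/ssh for user "admin"
Jun 21 06:40:15 fw1 %PIX-6-605004: Login denied from 198.51.100.9/4517 to outside:203.0.113.2/ssh for user "root"
Jun 21 06:40:20 fw1 %PIX-5-111008: User 'enable_15' executed the 'write memory' command.
Jun 21 06:45:00 fw1 %PIX-4-106023: Deny tcp src outside:198.51.100.9/4890 dst inside:10.0.0.20/1433 by access-group "outside_in"
""".splitlines()

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) %PIX-(\d)-(\d{6}): (.*)$")

# Assumed rules: message id -> (label, hits needed in WINDOW, regex for the key to count by)
RULES = {
    "605004": ("login denied", 3, re.compile(r"from ([\d.]+)/")),
    "106023": ("ACL deny", 2, re.compile(r"src \w+:([\d.]+)/")),
    "111008": ("config command", 1, re.compile(r"User '([^']+)'")),
}
WINDOW = 60  # seconds (assumed)

def scan(lines, year=2005):
    """Return (timestamp, label, key) alerts; syslog lines carry no year, so one is assumed."""
    recent = defaultdict(list)   # (msg id, key) -> timestamps still inside the window
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(4) not in RULES:
            continue             # unparsed or uninteresting line
        stamp, msgid, text = m.group(1), m.group(4), m.group(5)
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        label, need, key_re = RULES[msgid]
        k = key_re.search(text)
        key = (msgid, k.group(1) if k else "?")
        hits = [t for t in recent[key] if (ts - t).total_seconds() <= WINDOW] + [ts]
        if len(hits) >= need:
            alerts.append((stamp, label, key[1]))
            hits = []            # reset so a burst yields one alert, not one per line
        recent[key] = hits
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```
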