07-31-2003 03:24 PM - edited 02-20-2020 10:54 PM
Simply put, I am looking for a log analysis tool for the PIX similar to that of Checkpoint's (I know, a dirty word) log file analyzer. I would think that to support multiple PIX's, the ideal product would have a robust back-end database tied into a syslog server (for data collection) and possibly a web front-end. It should support multiple PIX's, each supporting 10Mb+ bandwidth, with ALL traffic being logged.
I am NOT just looking for "summary" reports, but also want to search a given time frame by IP, protocol, port, etc., and see all matches for all traffic seen by the firewall. I would also need to see all/selected traffic in real-time, as it passes through the firewalls (for troubleshooting).
So far the only thing that I have come across that seems to offer this functionality would be the suite of products from NetIQ. Can anyone else recommend some other ENTERPRISE reporting tools for the PIX?
Thanks in advance....
Scott Daffron
Sentara Healthcare
08-01-2003 05:30 AM
http://www.network-intelligence.com/
Their stuff should be exactly what you seek.
08-01-2003 05:34 AM
Hi Scott,
Symantec has recently developed their SESA infrastructure. They have a plug-in for several security vendors (Check Point, Cisco PIX, ...). It is a robust back-end database with a graphical user interface for reporting. It also provides event aggregation and correlation.
Regards,
Tom