03-08-2007 03:21 AM - edited 02-21-2020 01:26 AM
Hi there
I have a Cisco PIX 515E. I am able to retrieve the syslog from an AIX server, and I can break them into files by severity or by error code. Anyway, it is still a lot of work to read all of these logs.
My question is simple. Is there any Cisco Software or any recommended software that will simplify the job of reading the logs?
Regards
03-08-2007 07:50 AM
Syslog server could be:
- Kiwi Syslog:
- 30COM Deamon
http://www.ncat.co.uk/Download/
- There is also a Cisco Syslog Server which supports TCP Syslog 514 - pfss512.exe
http://www.cisco.com/cgi-bin/tablebuild.pl/pix?sort=release
Commercial products that create graphs and analyze Syslog to generate stats could be:
- FireGen http://www.eventid.net/firegen/
- Try this one FWLOGSUM (Freeware).
http://www.ginini.com/software/fwlogsum/
http://www.ginini.com/software/fwlogsum/converters/
It basically uses Perl scripts and supports a wide range of firewalls. You just need to install Perl in your Windows environment.
- Try Sawmill (Eval version)
- EIQ Networks Network Security Analyzer eiqnetworks.com
Hope that gives you some ideas what to try.
Regards,
Sushil
03-12-2007 06:55 PM
If you are looking for a syslog solution there are a number of good syslog devices.
Log Logic is really nice and is an appliance and you can also get a 2T storage with it.
However, if you want to just have something correlate the logs for you and see the events that are possible issues, check out CS-MARS.
It is actually better to use both solutions though. Store your logs on a syslog server and have CS-MARS correlate the events and show you what are possible threats.
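As an added example that is not part of any post in this thread and not code from any of the tools named above: a small summarizer for PIX syslog lines that goes one step past splitting files by severity or message ID, by also ranking the sources that the firewall denied. The sample lines are constructed, and the two deny patterns cover only messages 106023 (with ports) and 106001; other messages are counted but not broken down.

```python
import re
from collections import Counter

# Constructed sample lines in PIX syslog format (documentation addresses, not real traffic).
SAMPLE = """\
Mar 08 03:21:07 pix515 %PIX-4-106023: Deny tcp src outside:203.0.113.5/4312 dst inside:192.0.2.10/22 by access-group "outside_in"
Mar 08 03:21:08 pix515 %PIX-4-106023: Deny tcp src outside:203.0.113.5/4313 dst inside:192.0.2.10/23 by access-group "outside_in"
Mar 08 03:21:09 pix515 %PIX-6-302013: Built outbound TCP connection 1201 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:192.0.2.20/1045 (192.0.2.20/1045)
Mar 08 03:21:10 pix515 %PIX-2-106001: Inbound TCP connection denied from 203.0.113.9/2201 to 192.0.2.10/445 flags SYN on interface outside
Mar 08 03:21:11 pix515 %PIX-4-106023: Deny udp src outside:203.0.113.5/53 dst inside:192.0.2.10/161 by access-group "outside_in"
Mar 08 03:21:12 pix515 last message repeated 2 times
"""

# %PIX-<severity 0-7>-<six-digit message ID>: <message text>
TAG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")
# 106023: denied by an access-group (TCP/UDP form with ports)
DENY_ACL = re.compile(
    r"Deny \S+ src \S+?:(?P<src>[\d.]+)/\d+ dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)")
# 106001: inbound TCP connection denied
DENY_IN = re.compile(
    r"connection denied from (?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/(?P<dport>\d+)")

def summarize(lines):
    """Count messages by severity and ID, and denied flows by (src, dst, dport)."""
    by_sev, by_id, denied = Counter(), Counter(), Counter()
    unparsed = 0
    for line in lines:
        m = TAG.search(line)
        if not m:
            unparsed += 1  # e.g. syslogd "last message repeated" lines
            continue
        by_sev[int(m["sev"])] += 1
        by_id[m["id"]] += 1
        d = DENY_ACL.search(m["text"]) or DENY_IN.search(m["text"])
        if d:
            denied[(d["src"], d["dst"], int(d["dport"]))] += 1
    return {"severity": by_sev, "message_id": by_id,
            "denied": denied, "unparsed": unparsed}

def top_denied_sources(summary, n=5):
    """Rank source addresses by total denied attempts across all targets."""
    per_src = Counter()
    for (src, _dst, _dport), count in summary["denied"].items():
        per_src[src] += count
    return per_src.most_common(n)

if __name__ == "__main__":
    s = summarize(SAMPLE.splitlines())
    print("by severity:", dict(s["severity"]))
    print("by message ID:", dict(s["message_id"]))
    print("top denied sources:", top_denied_sources(s))
    print("unparsed lines:", s["unparsed"])
```

Feeding it the real log file instead of `SAMPLE` (for example `summarize(open(path))`) gives the same counters; a source that is denied on many different destination ports shows up as several keys in `denied` under one address.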