Firewall Log Management Software

kerraj2004 (Level 1)

Can anyone recommend any firewall log management software that is proven?

8 Replies

bfflusek (Level 1)

Hello,

Just curious what you are looking to do with the logs. Right now I have an install of KiwiSyslog daemon running on a Windows system and it does a nice job of collecting the logs and archiving them off on a schedule for me. The problem is that they are just big text files and can be rather hard to do much with. Are you just needing to capture and archive them?

Bill

Bill,

Yes, I'm looking to capture and archive them so that in case we need to review the logs we are not left with a labor-intensive process to put them into a readable format. Is this basically what you are doing too?

Thanks,

Adam

That is what we are doing. The problem comes down to the level of detail that you log and what you plan to do with it. If you are just looking to troubleshoot issues, then I don't think it is as big of a deal that they are big text files. Right now, with error-level logging, I'm capturing about 30MB per day from some of my firewalls. If I up that to warning, it will go to 55-60MB/day. I had one at informational for a bit today and I got 30MB of logs in an hour. But, by going to informational, I got a key piece of information to help fix a problem. The files are just text syslog files and I've been opening them in NotePad on a Windows 2000 server where they get captured. Normally they would be going to a NetForensics system for analysis too, but it is currently down and awaiting an upgrade. If I had time, I would be looking at tools to help parse them for general use, but for troubleshooting they work fine as they are.

Does that help any?

Bill
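The "big text files that are hard to do much with" problem above comes down to having no parser for the lines. As an added illustration (not code from this thread or from any poster), here is a small Python script that parses Cisco ASA/PIX-style syslog lines (`%ASA-<severity>-<message id>: text`), counts messages per severity and per message ID, and estimates how many bytes a file would hold at each `logging trap` threshold, which is the trade-off Bill describes between error, warning and informational. The sample log lines are constructed for the example and use documentation IP ranges.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Cisco ASA syslog shape (not real logs from this thread).
SAMPLE_LOG = """\
Mar 10 09:00:01 fw1 %ASA-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:192.0.2.25/51234 (198.51.100.1/51234)
Mar 10 09:00:02 fw1 %ASA-6-302014: Teardown TCP connection 12345 for outside:203.0.113.10/443 to inside:192.0.2.25/51234 duration 0:00:01 bytes 4321 TCP FINs
Mar 10 09:00:03 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.77/4444 dst inside:192.0.2.25/445 by access-group "outside_in" [0x0, 0x0]
Mar 10 09:00:04 fw1 %ASA-3-710003: TCP access denied by ACL from 203.0.113.77/4444 to outside:198.51.100.1/22
Mar 10 09:00:05 fw1 %ASA-6-302013: Built outbound TCP connection 12346 for outside:203.0.113.11/80 (203.0.113.11/80) to inside:192.0.2.26/51235 (198.51.100.1/51235)
Mar 10 09:00:06 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.77/4445 dst inside:192.0.2.25/3389 by access-group "outside_in" [0x0, 0x0]
Mar 10 09:00:07 fw1 this line has no ASA message tag and is counted as skipped
"""

# ASA severity numbers: 0 is most severe, 7 least.
SEVERITY_NAMES = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
                  4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}

# %ASA-<sev>-<6-digit id>: <text>   (PIX and FWSM use the same shape)
ASA_TAG = re.compile(r"%(?:ASA|PIX|FWSM)-(?P<sev>[0-7])-(?P<msgid>\d{6}):\s*(?P<text>.*)$")


def parse_line(line):
    """Return (severity, message_id, text) or None when the line carries no ASA tag."""
    m = ASA_TAG.search(line)
    if not m:
        return None
    return int(m.group("sev")), m.group("msgid"), m.group("text")


def summarize(log_text):
    """Aggregate a syslog text dump by severity and by message ID.

    Returns {'by_severity': {sev: {'count', 'bytes'}}, 'by_msgid': Counter, 'skipped': int}.
    Byte counts include the newline so they match on-disk file size.
    """
    by_sev = defaultdict(lambda: {"count": 0, "bytes": 0})
    by_msgid = Counter()
    skipped = 0
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            skipped += 1
            continue
        sev, msgid, _text = parsed
        by_sev[sev]["count"] += 1
        by_sev[sev]["bytes"] += len(raw.encode("utf-8")) + 1
        by_msgid[msgid] += 1
    return {"by_severity": dict(by_sev), "by_msgid": by_msgid, "skipped": skipped}


def bytes_at_level(summary, level):
    """Bytes the file would hold if only messages at `level` or more severe were logged.

    This mirrors a severity threshold such as ASA 'logging trap <level>': raising the
    threshold from errors (3) to warnings (4) or informational (6) adds everything below.
    """
    return sum(v["bytes"] for sev, v in summary["by_severity"].items() if sev <= level)


def projected_mb_per_day(bytes_seen, window_seconds):
    """Scale a capture window up to a daily volume in MiB (useful for sizing archive storage)."""
    return bytes_seen * 86400 / window_seconds / (1024 * 1024)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for sev in sorted(s["by_severity"]):
        v = s["by_severity"][sev]
        print(f"{sev} {SEVERITY_NAMES[sev]:<14} {v['count']:>4} msgs {v['bytes']:>6} bytes")
    print("top message IDs:", s["by_msgid"].most_common(3))
    for level in (3, 4, 6):
        print(f"logging at {SEVERITY_NAMES[level]:<14}: {bytes_at_level(s, level)} bytes")
    print("skipped (untagged) lines:", s["skipped"])
```

Run it against a real capture by replacing `SAMPLE_LOG` with the file contents; the per-message-ID counter is usually the fastest way to see which handful of message types make up most of an informational-level file.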

Adam,

I suggest you try ManageEngine Firewall Analyzer.

The product supports almost all the leading vendors in the industry. The product is segregated into three categories:

1. Traffic
2. Security
3. Management

1. Traffic Statistics:

This will give you the complete bandwidth information that was transacted throughout the network with multiple drill-down analyses such as Source, Destination, Protocol, Hits, Bytes Sent, Bytes Received etc. You can even do capacity planning and forecasting with the product.

2. Security Statistics:

Security Statistics (Reports) will display all malicious events in your network. It will help you to know the various threats and attacks to the company from outside to inside and vice versa.

3. Management Statistics:

This will help you to do audit and security configuration analysis, which includes change management and compliance reports. This will point out the loopholes of the network and assist you in fixing them.

Why Firewall Analyzer?

* Support for firewall and security devices from multiple vendors
* Real-time bandwidth monitoring
* Employee internet usage with URL monitoring
* Real-time alerting
* Firewall change management reports
* Security audit & configuration analysis reports
* Diagnose live connections
* Capability to view traffic trends and usage patterns (capacity planning)
* Powerful search for forensic and security analysis
* Multi-level drill down into top hosts, protocols, web sites and more
* Network security reports
* Firewall compliance reports
* Flexible and secured log data archiving
* Rebranding, user-based views and dashboard for MSSP support
* and more

http://www.manageengine.com/products/firewall/features.html

I recommend you evaluate the fully functional 30-day evaluation copy and check if it helps you to achieve your use case.

Regards,

Vignesh.K

Firewall Analyzer

I've used Splunk for logs and more. It has pretty powerful searching and event alerting functions that give you a lot of control over searching the data.

http://www.splunk.com/

Good luck!

Ed

Cost-wise, Event Log Analyser would be the best bet since it will read logs of servers, AD etc. too (instead of getting Firewall Analyzer).

Good morning

You may want to look at Log Siphon. We released it back in Jan and there have been three releases since then.

http://www.logsiphon.com

Thank you

We also have Active Response System (ARS) that was released mid last year that ties nicely to Cisco ASAs for proactive blocking.

http://www.rmjars.com

Our Global Threat Center site feeds from our ARS and IDS deployments, where we are blocking over 7400 IP addresses and growing daily on our firewall.

http://www.rmjgtc.com

Thank you