01-04-2017 05:46 AM
Hi all,
Please, can you recommend an open source tool that I can use to redirect syslog from a Cisco ASA so I can show VPN sessions with some details from any date and any time I suggest?
Thank you in advance
01-04-2017 11:26 AM
Pretty much every Linux distribution comes with syslog included. I prefer Ubuntu myself.
01-04-2017 09:33 PM
Not open source, but free, is the free version of SolarWinds Kiwi Syslog Server. I have used this in conjunction with tweaking the log settings on the ASA to elevate the severity level of VPN login/logout to critical (the default is informational, if I recall correctly) so that I can log only critical messages and then have a very small set of log events on my syslog server showing mostly VPN events.
01-05-2017 07:23 AM
Thank you Mr. Marvin,
I agree with you about using Kiwi as a syslog server, but I want to know: can Kiwi reload logs from any time and any date that I want (I mean, for example, loading logs from last month or the last two months)?
Thank you in advance
01-05-2017 07:28 AM
You're welcome.
The free Kiwi server will archive syslog messages as flat files, one file per day. You search old messages by opening up the files in a text editor.
The paid version uses a database with user-selectable retention time. It's limited mostly by your storage capacity (although if you are generating a large volume of messages the database might get slow after some time).
If you have high end requirements you might be better served by something like ELK Stack or Graylog server (both open source) or Splunk (licensed product and potentially very expensive).
01-05-2017 07:43 AM
Thank you Mr. Marvin, but I need a tool that can generate log messages in an Excel file. Do Graylog and ELK do that or not?
01-05-2017 07:53 AM
You can export as a CSV file from Graylog:
http://docs.graylog.org/en/2.1/pages/auditlog/usage.html?highlight=csv
With ELK Stack there's a plug-in that enables this functionality:
https://github.com/minewhat/es-csv-exporter
However if your data set is so small that Excel is your analysis tool, you are probably fine with the plain text files that free Kiwi saves. It's trivial to parse them in Excel and make a macro if it's something you need to do regularly.
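Added example, not part of the original replies: a short Python script that pulls VPN session start and disconnect events out of a flat syslog file and writes them as CSV for Excel. It assumes a tab-separated timestamp/priority/host/message line layout and the ASA message IDs 113039 and 113019; the sample lines are constructed. Cells beginning with `=`, `+`, `-` or `@` are prefixed with an apostrophe so that log-supplied text such as a username is not evaluated as a formula.

```python
import csv
import io
import re

# Constructed sample; assumed layout: timestamp<TAB>priority<TAB>host<TAB>message.
SAMPLE = """\
2017-01-04 09:15:02\tLocal4.Critical\t192.0.2.1\t%ASA-2-113039: Group <GP_VPN> User <alice> IP <198.51.100.7> AnyConnect parent session started.
2017-01-04 09:16:40\tLocal4.Info\t192.0.2.1\t%ASA-6-302013: unrelated connection message (constructed)
2017-01-04 10:02:19\tLocal4.Critical\t192.0.2.1\t%ASA-2-113019: Group = GP_VPN, Username = alice, IP = 198.51.100.7, Session disconnected. Session Type: SSL, Duration: 0h:46m:17s, Bytes xmt: 52311, Bytes rcv: 9120, Reason: User Requested
2017-01-04 11:00:00\tLocal4.Critical\t192.0.2.1\t%ASA-2-113019: Group = GP_VPN, Username = =1+1, IP = 203.0.113.9, Session disconnected. Session Type: SSL, Duration: 0h:00m:05s, Bytes xmt: 0, Bytes rcv: 0, Reason: Idle Timeout
"""
# The severity digit is matched loosely because the ASA can be configured to
# log these messages at a non-default level.
START = re.compile(r"%ASA-\d-113039: Group <?(?P<group>[^>]*?)>? User <?(?P<user>[^>]*?)>? "
                   r"IP <?(?P<ip>[^> ]*)>? AnyConnect parent session started")
END = re.compile(r"%ASA-\d-113019: Group = (?P<group>.*?), Username = (?P<user>.*?), "
                 r"IP = (?P<ip>[^,]+), Session disconnected\. Session Type: (?P<type>[^,]+), "
                 r"Duration: (?P<duration>[^,]+), Bytes xmt: (?P<xmt>\d+), "
                 r"Bytes rcv: (?P<rcv>\d+), Reason: (?P<reason>.*)")
FIELDS = ["time", "event", "group", "user", "ip", "type", "duration", "xmt", "rcv", "reason"]

def safe_cell(value):
    """Stop Excel treating log-supplied text (e.g. a username) as a formula."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def parse_vpn_events(text):
    """Return one dict per VPN session start/disconnect line."""
    rows = []
    for line in text.splitlines():
        for event, rx in (("start", START), ("disconnect", END)):
            m = rx.search(line)
            if m:
                row = {"time": line.split("\t", 1)[0], "event": event}
                row.update({k: v.strip() for k, v in m.groupdict().items()})
                rows.append(row)
                break
    return rows

def to_csv(rows):
    """Render rows as CSV text that Excel can open."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, restval="")
    writer.writeheader()
    for row in rows:
        writer.writerow({k: safe_cell(v) for k, v in row.items()})
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(parse_vpn_events(SAMPLE)))
```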
01-09-2017 02:17 AM
Thank you Mr. Marvin for all the clarifications.
Best regards