Re: [fw-wiz] PIX Logging Analysis
From: John Adams (jna@retina.net)
Date: 03/05/03
- Previous message: Paul Stewart: "RE: [fw-wiz] PIX Logging Analysis"
- In reply to: Paul Stewart: "[fw-wiz] PIX Logging Analysis"
- Next in thread: Perrymon, Josh L.: "RE: [fw-wiz] PIX Logging Analysis"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: John Adams <jna@retina.net>
To: Paul Stewart <pauls@nexicom.net>
Date: Wed, 5 Mar 2003 13:50:56 -0800 (PST)

On Tue, 4 Mar 2003, Paul Stewart wrote:
> Hi everyone..
>
> I'm new to the list and apologize if I'm asking a dumb question..:)
>
> We are looking at deploying Cisco PIX 501's for some smaller customers
[...]
> Hopefully someone will tell me that open source solutions exist for
> Linux.. At least I can hope... At the moment I am syslogging everything
> back via UDP but what exists to analyze this data?

I wrote a log analysis tool a while back for Pixie that is open source, and
not complete, but it may provide some of the analysis you need.
It's at:
http://www.retina.net/~jna/pixie
It uses PHP and MySQL to parse and analyze PIX syslog data, then it
generates reports (like top # of denied hosts, # of denied ports, etc.)
All of the data is hyperlinked so you can browse and traverse the dataset.
It worked well for a small company I was at a year or two ago.
-john
--
J. Adams http://www.retina.net/~jna
The secret of knowing where you are, is knowing what time it is. -- Anonymous
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
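
The kind of report described in the message above (top denied hosts, top denied ports), as an added example in Python. It is not Pixie's code and not part of the original post; the log lines are constructed samples that assume the documented layouts of PIX messages 106023, 106001 and 106006, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample syslog lines (documentation addresses, hypothetical host "fw1").
SAMPLE_LOG = """\
Mar  5 13:40:01 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4021 dst inside:192.0.2.10/445 by access-group "acl_out"
Mar  5 13:40:02 fw1 %PIX-4-106023: Deny udp src outside:203.0.113.7/1026 dst inside:192.0.2.10/137 by access-group "acl_out"
Mar  5 13:40:05 fw1 %PIX-2-106001: Inbound TCP connection denied from 198.51.100.23/3310 to 192.0.2.10/445 flags SYN on interface outside
Mar  5 13:40:09 fw1 %PIX-2-106006: Deny inbound UDP from 198.51.100.23/1900 to 192.0.2.11/1434 on interface outside
Mar  5 13:40:11 fw1 %PIX-6-302013: Built inbound TCP connection 1201 for outside:203.0.113.50/5555 (203.0.113.50/5555) to inside:192.0.2.10/80 (192.0.2.10/80)
Mar  5 13:40:12 fw1 %PIX-4-106023: Deny icmp src outside:203.0.113.7 dst inside:192.0.2.10 (type 8, code 0) by access-group "acl_out"
Mar  5 13:40:13 fw1 truncated line without a message id
"""

# One pattern per deny message ID; matching on the ID keeps permits and noise out.
PATTERNS = [
    # 106023: denied by an access-group; ICMP entries carry no ports
    re.compile(r"%PIX-\d-106023: Deny (?P<proto>\S+) src \S+?:(?P<src>[\d.]+)(?:/\d+)?"
               r" dst \S+?:(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?"),
    # 106001: inbound TCP connection denied
    re.compile(r"%PIX-\d-106001: Inbound (?P<proto>TCP) connection denied from "
               r"(?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/(?P<dport>\d+)"),
    # 106006: inbound UDP denied
    re.compile(r"%PIX-\d-106006: Deny inbound (?P<proto>UDP) from "
               r"(?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/(?P<dport>\d+)"),
]

def parse_denies(text):
    """Yield (src_ip, proto, dst_port) per recognised deny line; skip everything else."""
    for line in text.splitlines():
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                port = m.group("dport")
                yield m.group("src"), m.group("proto").lower(), int(port) if port else None
                break

def report(text, top=10):
    """Return (top denied source hosts, top denied (proto, port) pairs) with counts."""
    hosts, ports = Counter(), Counter()
    for src, proto, dport in parse_denies(text):
        hosts[src] += 1
        if dport is not None:  # ICMP denies count toward hosts only
            ports[(proto, dport)] += 1
    return hosts.most_common(top), ports.most_common(top)

if __name__ == "__main__":
    top_hosts, top_ports = report(SAMPLE_LOG)
    print("Top denied hosts:", top_hosts)
    print("Top denied ports:", top_ports)
```
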