Re: [fw-wiz] PIX Logging Analysis

From: John Adams (jna@retina.net)
Date: 03/05/03

    From: John Adams <jna@retina.net>
    To: Paul Stewart <pauls@nexicom.net>
    Date: Wed, 5 Mar 2003 13:50:56 -0800 (PST)
    

    On Tue, 4 Mar 2003, Paul Stewart wrote:

    > Hi everyone..
    >
    > I'm new to the list and apologize if I'm asking a dumb question..:)
    >
    > We are looking at deploying Cisco PIX 501's for some smaller customers
    [...]

    > Hopefully someone will tell me that open source solutions exist for
    > Linux.. At least I can hope... At the moment I am syslogging everything
    > back via UDP but what exists to analyze this data?

    I wrote a log analysis tool a while back for Pixie that is open source, and
    not complete, but it may provide some of the analysis you need.

    It's at:

    http://www.retina.net/~jna/pixie

    It uses PHP and MySQL to parse and analyze PIX syslog data, then it
    generates reports (like top # of denied hosts, # of denied ports, etc.)

    All of the data is hyperlinked so you can browse and traverse the dataset.
    It worked well for a small company I was at a year or two ago.

    -john

    -- 
    J. Adams					http://www.retina.net/~jna
    The secret of knowing where you are, is knowing what time it is. -- Anonymous
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
