RE: [fw-wiz] (no subject)

From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 03/23/04

    To: "Hilal Hussein" <hilalma@hotmail.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Tue, 23 Mar 2004 09:15:38 -0500
    
    

    If all you want is a syslog server and the ability to open large log
    files in a Win32 environment, look into Kiwi Syslog Server. There is a
    version that runs as a service, and it has a separate logfile viewer
    that will open large files. Kiwi is easily the most flexible syslog
    server available, and it's dirt cheap. (http://www.kiwisyslog.com/) I
    have deployed it in conjunction with traditional firewall analysis tools
    that have their own syslog server just because Kiwi is that much more
    flexible.

    Beyond that, 400MB is a decent size for a 24hr PIX logfile. You may
    want to consider looking into a firewall analysis tool to help you get a
    better look at what's actually going on. For this, I personally prefer
    (and often recommend to customers) eIQ FirewallAnalyzer or
    FirewallAnalyzer Enterprise. (http://www.eiqnetworks.com)

    PaulM

    ObDisclaimer: The views above are my personal opinion and not
    necessarily those of my employer, my maker, my wife, or anyone else to
    whom I am beholden, blah-blah-blah. My employer is a reseller of eIQ
    products, but I would and do recommend FA/FAE regardless. Don't believe
    me? Don't believe me. Both eIQ products and Kiwi have free trial
    downloads so you can see for yourself.

    -----Original Message-----
    Dear List,

    I have a Cisco PIX firewall that is sending its log data to a Cisco syslog
    server (Windows XP workstation).
    It is working fine with me since it is a service, so I will be sure that it
    is running whenever the server is up and running.

    But I have two questions concerning this syslog:
    1 - The log files are too big since every file contains the whole day's
    logs, and since the file size is about 400+ Mb, I am not able to open it.
    Kindly, is there any third-party utility which I can use to manage (open,
    check, filter, ....) the log files of the Cisco syslog?

    2 - Is there any other syslog server which could work with the Cisco PIX
    firewalls, and which is a service and NOT an application?

    Your fast response is highly appreciated,