Re: [fw-wiz] (no subject)
From: Tina Bird (tbird_at_precision-guesswork.com)
Date: 03/23/04
- Previous message: Wes Noonan: "RE: [fw-wiz] (no subject)"
- In reply to: Hilal Hussein: "[fw-wiz] (no subject)"
- Next in thread: Joshua M. Jones: "RE: [fw-wiz] (no subject)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Hilal Hussein <hilalma@hotmail.com> Date: Tue, 23 Mar 2004 10:16:16 -0800 (PST)
Hi Hilal --
On Tue, 23 Mar 2004, Hilal Hussein wrote:
> But I have two questions concerning this syslog:
> 1 - the log files are too big since every file contains the whole day's logs,
> and since the file size is about 400+ MB, I am not able to open it. Kindly,
> is there any third party utility which I can use to manage (open, check,
> filter, ....) the log files of the cisco syslog?
>
Before you get into selecting the right tool to do the filtering and
analysis, you might want to spend a bit of time thinking about what sort
of events you want to monitor. If you've never looked at system logs
before, my own personal prejudice is to turn off the network connection
logging (which is probably what's making your logs so large) and take a
look at what's generated by administrative events and the like. Get that
stuff tuned and running so you get the alerts you want, and >then< start
working with the connection logs.
I've got a "work in progress" document at:
http://www.loganalysis.org/sections/parsing/application-specific/firewall-logging.html
You'll notice that the PIX section is woefully incomplete, but there's a
lot of good information in there that's platform independent, anyhow.
[contributions gratefully accepted, especially if anyone wants to write
something about the PIX]
> 2 - is there any other syslog server which could work with the cisco pix
> firewalls, and which is a service and NOT an application?
I believe you've gotten lots of answers on this one, so I'll repeat my
main point -- rather than trying to make sense out of what you're being
handed, you'll get faster results if you think about what you'd like to
know and go for that...
And of course, the LogAnalysis mailing list is another resource available
to you (information on www.loganalysis.org).
cheers -- tbird
--
The only question to which XML is the answer is, "How can I avoid getting
any work done?"
-- Russ Allbery
http://www.precision-guesswork.com
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com
tbird's Security Alerts http://securecomputing.stanford.edu/alert.html
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
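The triage tbird describes (drop the connection build/teardown records that make the files huge, look at administrative events first, and stream the file rather than opening 400 MB in an editor) can be done with a few lines of Python. This is an added example, not code from the thread or from loganalysis.org; the PIX message ids used for connection logging are assumed from the PIX 6.x message catalogue, and the sample log lines are constructed.

```python
"""Stream a big Cisco PIX syslog file and keep only the administrative
events, dropping the connection build/teardown records that bloat it."""
import re
from collections import Counter
from typing import Iterable, Iterator, Optional

# Matches "%PIX-<severity>-<6-digit message id>: <text>", with or without
# the syslog server's "Mon DD HH:MM:SS host" prefix in front of it.
PIX_RE = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}):\s*(?P<text>.*)")

# Connection logging (TCP/UDP build and teardown) is what tbird suggests
# switching off first. Message ids assumed from the PIX 6.x catalogue.
CONNECTION_IDS = {"302013", "302014", "302015", "302016"}

def parse(line: str) -> Optional[dict]:
    """Return {sev, msgid, text} for a PIX line, or None for anything else."""
    m = PIX_RE.search(line)
    if not m:
        return None
    return {"sev": int(m["sev"]), "msgid": m["msgid"], "text": m["text"]}

def admin_events(lines: Iterable[str], max_sev: int = 6) -> Iterator[dict]:
    """Yield non-connection events at severity <= max_sev (0 = emergencies,
    7 = debugging). Works on an open file object, so a 400 MB log never
    has to be loaded into memory."""
    for line in lines:
        ev = parse(line)
        if ev and ev["msgid"] not in CONNECTION_IDS and ev["sev"] <= max_sev:
            yield ev

def id_counts(lines: Iterable[str]) -> Counter:
    """Count records per message id: shows what is actually filling the file."""
    return Counter(ev["msgid"] for ev in map(parse, lines) if ev)

# Constructed sample (not from the thread); addresses are documentation ranges.
SAMPLE = """\
Mar 23 10:16:16 pix %PIX-6-302013: Built outbound TCP connection 1 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.1.1.5/1234 (10.1.1.5/1234)
Mar 23 10:16:17 pix %PIX-6-302014: Teardown TCP connection 1 for outside:192.0.2.10/80 to inside:10.1.1.5/1234 duration 0:00:01 bytes 512 (TCP FINs)
Mar 23 10:16:20 pix %PIX-6-605005: Login permitted from 10.1.1.9/45000 to inside:10.1.1.1/ssh for user "admin"
Mar 23 10:16:25 pix %PIX-5-111008: User 'admin' executed the 'write memory' command.
Mar 23 10:16:30 pix %PIX-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:10.1.1.5/23 by access-group "outside_in"
Mar 23 10:16:31 pix %PIX-6-302015: Built outbound UDP connection 2 for outside:192.0.2.53/53 (192.0.2.53/53) to inside:10.1.1.5/5353 (10.1.1.5/5353)
"""

if __name__ == "__main__":
    # On a real file: with open("pix.log") as f: for ev in admin_events(f): ...
    print(id_counts(SAMPLE.splitlines()))
    for ev in admin_events(SAMPLE.splitlines()):
        print(ev["sev"], ev["msgid"], ev["text"])
```

Running `id_counts` over a day's file first tells you which message ids account for the bulk; lowering `max_sev` narrows the remaining events to the alerts you actually want.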