[fw-wiz] Cisco PIX log analyzer, parser, reporter?
- From: Vahid Pazirandeh <vpaziran@xxxxxxxxx>
- Date: Wed, 4 Oct 2006 19:44:25 -0700 (PDT)
That got your attention didn't it? I know this is a lengthy subject, because I
was reading through the other thread titled "parsing logs ultra-fast inline".

Is there a "logwatch" equivalent that reports on PIX v7.x logs (not v6)?
Logwatch (http://freshmeat.net/projects/logwatch/) is just so simple, and does
some reporting on syslog files.

I just have one PIX device to worry about. Should I just come up with a list
of include/exclude regexps instead of trying to find some tool? Should I
collect iptables logs too?

I'm probably missing the bigger picture of network security reporting. Your
experience and helpful tips are appreciated. :-)
[See Also]
http://www.ciscopress.com/articles/article.asp?p=424447&seqNum=4&rl=1
http://www.eventid.net/firewalls/MostPopularReports.asp
http://fwlogwatch.inside-security.de (pix v6 parser)
http://freshmeat.net/projects/logrep/
http://freshmeat.net/projects/pixla/ (what version is this for?)
-Vahid
=============================================
"Make it better before you make it faster."
=============================================
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards