Re: [fw-wiz] Cisco PIX log analyzer, parser, reporter?
- From: Devdas Bhagat <dvb@xxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 7 Oct 2006 12:21:00 +0530
On 04/10/06 19:44 -0700, Vahid Pazirandeh wrote:
That got your attention didn't it? I know this is a lengthy subject,That would depend on how complex you are trying to make your parser. A
because I was reading through the other thread titled "parsing logs
ultra-fast inline".
Is there a "logwatch" equivalent that reports on PIX v7.x logs (not v6)?
Logwatch (http://freshmeat.net/projects/logwatch/) is just so simple, and does
some reporting on syslog files.
I just have one PIX device to worry about. Should I just come up with a list
of include/exclude regexps instead of trying to find some tool? Should I
collect iptables logs too?
simplistic parser would allow you to filter out noise in the logs, and
let you focus on the objects of interest. Collecting iptables logs as
well is a good idea, provided that you can do something with them.
I'm probably missing the bigger picture of network security reporting. YourThe loganalysis list would probably be a better place to look for that
experience and helpful tips are appreciated. :-)
information.
Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- [fw-wiz] Cisco PIX log analyzer, parser, reporter?
- From: Vahid Pazirandeh
- [fw-wiz] Cisco PIX log analyzer, parser, reporter?
- Prev by Date: Re: [fw-wiz] Static nat to a distant network?
- Next by Date: [fw-wiz] ARES 2007: Paper submission system is ready - Submission Deadline 19-11-2006
- Previous by thread: Re: [fw-wiz] Scans on UDP 38072
- Next by thread: [fw-wiz] ARES 2007: Paper submission system is ready - Submission Deadline 19-11-2006
- Index(es):
Relevant Pages
|
