Re: [fw-wiz] Reporting Server
- From: "K K" <kkadow@xxxxxxxxx>
- Date: Fri, 6 Apr 2007 14:32:48 -0500
On 4/5/07, Eric Anderson <strasser@xxxxxxxxxxxxxxxxxxx> wrote:
I'm interested in what other admins are using for a
reporting server for syslog analysis.
There are two issues here, loosely coupled:
1) Receiving syslog events.
2) Generating reports.
For #1, I prefer to use syslog-ng to accept and filter syslog events.
A free and very flexible syslog daemon, syslog-ng has a commercial
branch coming soon, see http://www.balabit.com/products/syslog_ng/
syslog server receiving packets from a PIX 515E and I want to run reports on IP traffic.
There are a number of free products to parse and report PIX log data,
the first place to start is Marcus Ranum's canonical site,
http://www.loganalysis.org/
One issue with syslog from PIX firewalls is that you either have to
live with the problem of dropped UDP log packets, or live with the TCP
logging "feature" Cisco invented, where the firewall will stop
accepting connections if it can't write to the log server.
Kevin
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- [fw-wiz] Reporting Server
- From: Eric Anderson
- [fw-wiz] Reporting Server
- Prev by Date: Re: [fw-wiz] Fw: Update on 1720/1863 (was: Re: OT? New compromise.)
- Next by Date: [fw-wiz] DEF CON One Five CfP in effect!
- Previous by thread: Re: [fw-wiz] Reporting Server
- Next by thread: Re: [fw-wiz] Reporting Server
- Index(es):
Relevant Pages
|
|
