Looking for a log viewer for PIX

Guest
Archived from groups: comp.security.firewalls,alt.certification.cisco

Hi,

Does anyone know of a good log viewer for PIX? I downloaded kiwiLog, which
is good but it's too much data in raw format. I need to see traffic going
in/out from one of our servers and it is a pain to read the logs manually.

Thanks.
 
Guest

Go to http://aboutmyx.com and download Syslog junction


Ghareeb Rahi wrote:
> Hi,
>
> Does anyone know of a good log viewer for PIX? I downloaded kiwiLog, which
> is good but it's too much data in raw format. I need to see traffic going
> in/out from one of our servers and it is a pain to read the logs manually.
>
> Thanks.
>
>
 
Guest

In article <ogERe.15173$cY.13241@trndny06>,
Ghareeb Rahi <discussion@InvalidDomain.com> wrote:
:Does anyone know of a good log viewer for PIX? I downloaded kiwiLog, which
:is good but it's too much data in raw format. I need to see traffic going
:in/out from one of our servers and it is a pain to read the logs manually.

There isn't one, really.

If all you need is very simple traffic volume plotting, then
you can use the PIX plugin for "sawmill".

If what you need is to zero in on just the records for the server,
but you want to look at all of them in their original formats,
then log to a file and "grep" the relevant IP address from the file.
[Okay, "find" instead of "grep" since KiwiLog implies you are working
with Windows]

If you were logging to a Unix-type box, you could get a more
sophisticated syslogd that could break the output up into files
based upon regular expressions and other criteria.

If you want to do a bit of traffic analysis then you could adapt
the simple perl script I posted,

http://groups.google.ca/group/comp.dcom.sys.cisco/msg/37ddb0b6234c1e48


Network Intelligence used to have a product that did firewall log
analysis, but they discontinued that.


Most analysis beyond the above is done by custom proprietary tools.


[I've considered putting together a commercial product myself, but
considering the relatively low response level on this topic, I am
doubtful that the market would be big enough to make the effort
worthwhile... not unless I actively went around to companies and
plugged it. Firewall log analysis is, though, largely part of the
broader topic of Intrusion Analysis, which is a significantly more
difficult task.]
--
Look out, there are llamas!
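
An added example, not part of the original post and not the Perl script it links to: the "zero in on just the records for the server" step done with an exact address match and a per-peer byte summary instead of a plain grep. The sample lines, the host name `pix` and the addresses are constructed, and the message layouts for 302013-302016 and 106023 are assumed to follow the usual PIX syslog format.

```python
import re
from collections import defaultdict

# Constructed sample records (documentation-range addresses, hypothetical host "pix").
SAMPLE = """\
Aug 30 10:00:01 pix %PIX-6-302013: Built inbound TCP connection 101 for outside:198.51.100.7/40112 (198.51.100.7/40112) to inside:192.0.2.10/80 (192.0.2.10/80)
Aug 30 10:00:09 pix %PIX-6-302014: Teardown TCP connection 101 for outside:198.51.100.7/40112 to inside:192.0.2.10/80 duration 0:00:08 bytes 5120 TCP FINs
Aug 30 10:00:12 pix %PIX-6-302013: Built outbound TCP connection 102 for outside:203.0.113.25/25 (203.0.113.25/25) to inside:192.0.2.10/1045 (192.0.2.10/1045)
Aug 30 10:00:20 pix %PIX-6-302014: Teardown TCP connection 102 for outside:203.0.113.25/25 to inside:192.0.2.10/1045 duration 0:00:08 bytes 900 TCP FINs
Aug 30 10:00:21 pix %PIX-4-106023: Deny tcp src outside:198.51.100.7/40113 dst inside:192.0.2.10/23 by access-group "acl_out"
Aug 30 10:00:30 pix %PIX-6-302013: Built outbound TCP connection 103 for outside:203.0.113.25/80 (203.0.113.25/80) to inside:192.0.2.55/1100 (192.0.2.55/1100)
"""

# Assumed layouts: 302013/302015 = Built TCP/UDP, 302014/302016 = Teardown, 106023 = ACL deny.
EP = r"[^:\s]+:([\d.]+)/(\d+)"  # interface:address/port
BUILT = re.compile(r"%PIX-\d-30201[35]: Built (inbound|outbound) (?:TCP|UDP) connection (\d+)"
                   rf" for {EP} \([^)]*\) to {EP}")
TEARDOWN = re.compile(r"%PIX-\d-30201[46]: Teardown (?:TCP|UDP) connection (\d+) .*? bytes (\d+)")
DENY = re.compile(rf"%PIX-\d-106023: Deny (\w+) src {EP} dst {EP}")

def summarize(lines, server):
    """Return ({(direction, peer, service_port): bytes}, [denied tuples]) for one server IP."""
    conns = {}                 # connection id -> (direction, peer, service port)
    totals = defaultdict(int)  # bytes per (direction, peer, service port)
    denied = []
    for line in lines:
        if m := BUILT.search(line):
            direction, cid, f_ip, f_port, l_ip, l_port = m.groups()
            if server not in (f_ip, l_ip):  # exact match, not a substring match
                continue
            peer = f_ip if server == l_ip else l_ip
            # Service port: the second endpoint's for inbound, the first's for outbound.
            port = l_port if direction == "inbound" else f_port
            conns[cid] = (direction, peer, int(port))
        elif m := TEARDOWN.search(line):
            cid, nbytes = m.groups()
            if cid in conns:  # byte counts are only reported at teardown
                totals[conns.pop(cid)] += int(nbytes)
        elif m := DENY.search(line):
            proto, src, _, dst, dport = m.groups()
            if server in (src, dst):
                denied.append((proto, src, dst, int(dport)))
    return dict(totals), denied

if __name__ == "__main__":
    totals, denied = summarize(SAMPLE.splitlines(), "192.0.2.10")
    for (direction, peer, port), nbytes in sorted(totals.items()):
        print(f"{direction:8} {peer:15} port {port:<5} {nbytes} bytes")
    print("denied:", denied)
```

Comparing the parsed address for equality avoids the extra hits a plain grep for 192.0.2.10 would return, such as 192.0.2.100.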
 
Guest

CSMARS from Cisco will distill logs from PIX, syslog, eventlog, etc. down
into correlated events. It's a hardware appliance which is a recent
acquisition (formerly Protego). It's not cheap, but it's designed to do what
you are asking.


"Ghareeb Rahi" <discussion@InvalidDomain.com> wrote in message
news:ogERe.15173$cY.13241@trndny06...
> Hi,
>
> Does anyone know of a good log viewer for PIX? I downloaded kiwiLog, which
> is good but it's too much data in raw format. I need to see traffic going
> in/out from one of our servers and it is a pain to read the logs manually.
>
> Thanks.
>
>
 
Guest

Thanks. Syslog junction is nice and is doing exactly what I wanted.



"Jack Miller" <jm@asdfaf.com> wrote in message
news:omERe.19719$LK.4053@trndny09...
> Go to http://aboutmyx.com and download Syslog junction
>
>
> Ghareeb Rahi wrote:
> > Hi,
> >
> > Does anyone know of a good log viewer for PIX? I downloaded kiwiLog, which
> > is good but it's too much data in raw format. I need to see traffic going
> > in/out from one of our servers and it is a pain to read the logs manually.
> >
> > Thanks.
> >
> >
 
