Archived from groups: comp.security.firewalls,alt.certification.cisco
In article <ogERe.15173$cY.13241@trndny06>,
Ghareeb Rahi <discussion@InvalidDomain.com> wrote:
:Does anyone know of a good log viewer for PIX? I downloaded kiwiLog, which
:is good but it's too much data in raw format. I need to see traffic going
:in/out from one of our servers and it is a pain to read the logs manually.
There isn't one, really.
If all you need is very simple traffic volume plotting, then
you can use the PIX plugin for "sawmill".
If what you need is to zero in on just the records for the server,
but you want to look at all of them in their original formats,
then log to a file and "grep" the relevant IP address from the file.
[Okay, "find" instead of "grep" since KiwiLog implies you are working
with Windows]
If you were logging to a Unix-type box, you could get a more
sophisticated syslogd that could break the output up into files
based upon regular expressions and other criteria.
If you want to do a bit of traffic analysis then you could adapt
the simple perl script I posted,
http://groups.google.ca/group/comp.dcom.sys.cisco/msg/37ddb0b6234c1e48
Network Intelligence used to have a product that did firewall log
analysis, but they discontinued that.
Most analysis beyond the above is done by custom proprietary tools.
[I've considered putting together a commercial product myself, but
considering the relatively low response level on this topic, I am
doubtful that the market would be big enough to make the effort
worthwhile... not unless I actively went around to companies and
plugged it. Firewall log analysis is, though, largely part of the
broader topic of Intrusion Analysis, which is a significantly more
difficult task.]
--
Look out, there are llamas!
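The "log to a file and pull out the records for one server" approach from the reply, carried a step further as an added example (not code from the original post, the poster's perl script, or Cisco): the script below parses PIX 6.x-style syslog lines for connection build (302013/302015), teardown (302014/302016) and ACL deny (106023) events, keeps only the records where the server is one of the endpoints, and tallies them by event, protocol, server port and peer address, adding up byte counts from the teardown records. The sample log lines are constructed for illustration and were not captured from a real device. One caveat worth building in: a server behind a static translation appears under its real address in records logged on the inside interface and under its mapped address in records logged on the outside interface (such as denies), so the filter takes a set of addresses rather than a single one.

```python
"""Filter Cisco PIX syslog records for one server and summarise them.

Added example, not code from the original post or from Cisco. It assumes
PIX 6.x-style syslog lines (302013/302015 built, 302014/302016 teardown,
106023 deny) written to a text file. SAMPLE_LOG is constructed for
illustration and was not captured from a real device.
"""
import re
from collections import Counter

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

# "Built inbound TCP connection 1001 for outside:A/pa (mapped) to inside:B/pb (mapped)"
BUILT_RE = re.compile(
    r"%PIX-\d-30201[35]: Built (inbound|outbound) (TCP|UDP) connection \d+ "
    r"for \S+?:" + IP + r"/(\d+) \([^)]*\) to \S+?:" + IP + r"/(\d+)"
)
# "Teardown TCP connection 1001 for outside:A/pa to inside:B/pb duration h:mm:ss bytes N ..."
TEARDOWN_RE = re.compile(
    r"%PIX-\d-30201[46]: Teardown (TCP|UDP) connection \d+ "
    r"for \S+?:" + IP + r"/(\d+) to \S+?:" + IP + r"/(\d+) duration \S+ bytes (\d+)"
)
# "Deny tcp src outside:A/pa dst inside:B/pb by access-group ..."
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny (\w+) src \S+?:" + IP + r"/(\d+) dst \S+?:" + IP + r"/(\d+)"
)

# Constructed sample, not a real capture. 192.168.1.5 is the server's real
# address, 203.0.113.10 its static-NAT mapped address; 192.168.1.9 is noise.
SAMPLE_LOG = """\
Jul 20 10:00:01 pix %PIX-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.23/51234 (198.51.100.23/51234) to inside:192.168.1.5/80 (203.0.113.10/80)
Jul 20 10:00:02 pix %PIX-6-302013: Built inbound TCP connection 1002 for outside:198.51.100.23/51235 (198.51.100.23/51235) to inside:192.168.1.5/80 (203.0.113.10/80)
Jul 20 10:00:03 pix %PIX-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.50/25 (203.0.113.50/25) to inside:192.168.1.5/40001 (203.0.113.10/40001)
Jul 20 10:00:04 pix %PIX-6-302015: Built outbound UDP connection 1004 for outside:203.0.113.53/53 (203.0.113.53/53) to inside:192.168.1.5/40002 (203.0.113.10/40002)
Jul 20 10:00:05 pix %PIX-4-106023: Deny tcp src outside:198.51.100.99/4444 dst inside:203.0.113.10/22 by access-group "outside_in"
Jul 20 10:00:06 pix %PIX-6-302013: Built inbound TCP connection 1005 for outside:198.51.100.77/6000 (198.51.100.77/6000) to inside:192.168.1.9/443 (203.0.113.11/443)
Jul 20 10:00:07 pix %PIX-6-302014: Teardown TCP connection 1001 for outside:198.51.100.23/51234 to inside:192.168.1.5/80 duration 0:00:01 bytes 4321 TCP FINs
"""


def parse_line(line):
    """Classify one syslog line.

    Returns a dict with 'event', 'proto', 'endpoints' as ((ip, port), (ip, port))
    and 'bytes', or None when the line is not one of the events handled here.
    """
    m = BUILT_RE.search(line)
    if m:
        direction, proto, ip1, p1, ip2, p2 = m.groups()
        return {"event": "built-" + direction, "proto": proto.lower(),
                "endpoints": ((ip1, int(p1)), (ip2, int(p2))), "bytes": 0}
    m = TEARDOWN_RE.search(line)
    if m:
        proto, ip1, p1, ip2, p2, nbytes = m.groups()
        return {"event": "teardown", "proto": proto.lower(),
                "endpoints": ((ip1, int(p1)), (ip2, int(p2))), "bytes": int(nbytes)}
    m = DENY_RE.search(line)
    if m:
        proto, ip1, p1, ip2, p2 = m.groups()
        return {"event": "deny", "proto": proto.lower(),
                "endpoints": ((ip1, int(p1)), (ip2, int(p2))), "bytes": 0}
    return None


def summarise(lines, host_addrs):
    """Aggregate the records in which the server is one endpoint.

    host_addrs is the set of addresses the server appears under (real and
    mapped). Returns (counts, volume): counts is a Counter keyed by
    (event, proto, server_port, peer_ip); volume is a Counter of bytes per
    (proto, server_port) taken from teardown records.
    """
    counts, volume = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        a, b = rec["endpoints"]
        if a[0] in host_addrs:
            local, peer = a, b
        elif b[0] in host_addrs:
            local, peer = b, a
        else:
            continue  # another host's traffic
        counts[(rec["event"], rec["proto"], local[1], peer[0])] += 1
        if rec["event"] == "teardown":
            volume[(rec["proto"], local[1])] += rec["bytes"]
    return counts, volume


def report(counts, volume):
    """Render the two counters as a plain-text table."""
    out = []
    for (event, proto, port, peer), n in sorted(counts.items()):
        out.append(f"{event:15} {proto} server-port {port:<5} peer {peer:<15} x{n}")
    for (proto, port), nbytes in sorted(volume.items()):
        out.append(f"{'bytes':15} {proto} server-port {port:<5} {nbytes}")
    return "\n".join(out)


if __name__ == "__main__":
    SERVER = {"192.168.1.5", "203.0.113.10"}  # real and static-NAT mapped address
    print(report(*summarise(SAMPLE_LOG.splitlines(), SERVER)))
```

On a real box, replace SAMPLE_LOG with the file the PIX logs to (`open(path)` iterates lines directly). Keying by server port means outbound connections spread across ephemeral ports; if outbound traffic is what matters, swap `local[1]` for `peer[1]` in the key for the "built-outbound" event so the remote service port is what gets counted.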