Firewall Wizards mailing list archives
RE: (no subject)
From: "Wes Noonan" <mailinglists () wjnconsulting com>
Date: Tue, 23 Mar 2004 08:48:28 -0600
You can filter in the PIX dropping logging of mundane things like "connection permitted" since you have to explicitly allow a connection. You can do this with the "no logging message" command. I prefer Kiwi Syslog for logging. It allows you to do everything that you have specified, plus you can set it up to alert as well as use it to generate a hash on the log that you can use to ensure log integrity. The filtering capabilities are very robust and you can configure it to archive every hour for example. About the only complaint I have with Kiwi is that it isn't web enabled so you can't view it from a remote workstation unless you run it in terminal services for example. I'm told there are some third party plugins for it that provide that functionality however (haven't had time to mess with it myself). HTH Wes Noonan mailinglists () wjnconsulting com http://www.wjnconsulting.com Hardening Network Infrastructure - A concise how to guide Available Spring 2004 Order at http://tinyurl.com/2nof4
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards- admin () honor icsalabs com] On Behalf Of Hilal Hussein Sent: Tuesday, March 23, 2004 02:42 To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] (no subject) Dear List, i have cisco pix firewall that is sending it log data to a cisco syslog server (windowsxp workstation). it is working fine with me since it is a service, so i willl be sure that it is running whenever the server is up and running. But i have two questions concerning this syslog: 1 - the log files are too big since everyfile contains the whole day logs, and since the file size is about 400 + Mb, i am not able to open it. kindly, is there any third party utility which i can use to manage (open, check, filter, ....) the log files of the cisco syslog? 2 - is there any other syslog server which could work with the cisco pix firewalls, and which is a service and NOT an application? your fast respond is highly appreciated, with regards, Hilal _________________________________________________________________ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- (no subject) Hilal Hussein (Mar 23)
- Re: (no subject) Paul D. Robertson (Mar 23)
- Re: PIX syslog WAS: (no subject) Carson Gaspar (Mar 24)
- RE: (no subject) Robert L. Wanamaker (Mar 23)
- RE: (no subject) Victor Williams (Mar 23)
- RE: (no subject) Gwendolynn ferch Elydyr (Mar 24)
- Re: (no subject) Devdas Bhagat (Mar 23)
- RE: (no subject) Wes Noonan (Mar 23)
- Re: (no subject) Tina Bird (Mar 24)
- <Possible follow-ups>
- RE: (no subject) Melson, Paul (Mar 23)
- RE: (no subject) Dean Davis (Mar 23)
- RE: (no subject) Javier Sanchez Llera (Mar 24)
- RE: (no subject) Joshua M. Jones (Mar 24)
- RE: (no subject) Crissup, John (MBNP is) (Mar 24)
- Re: (no subject) Paul D. Robertson (Mar 23)