Firewall Wizards mailing list archives
Re: Reporting Server
From: "K K" <kkadow () gmail com>
Date: Fri, 6 Apr 2007 14:32:48 -0500
On 4/5/07, Eric Anderson <strasser () etronics-online com> wrote:
> I'm interested in what other admins are using for a reporting server for syslog analysis.

There are two issues here, loosely coupled: 1) Receiving syslog events. 2) Generating reports.

For #1, I prefer to use syslog-ng to accept and filter syslog events. A free and very flexible syslog daemon, syslog-ng has a commercial branch coming soon, see http://www.balabit.com/products/syslog_ng/

> syslog server receiving packets from a PIX 515E and I want to run reports on IP traffic.

There are a number of free products to parse and report PIX log data, the first place to start is Marcus Ranum's canonical site, http://www.loganalysis.org/

One issue with syslog from PIX firewalls is that you either have to live with the problem of dropped UDP log packets, or live with the TCP logging "feature" Cisco invented, where the firewall will stop accepting connections if it can't write to the log server.

Kevin