Firewall Wizards mailing list archives
Re: PIX Logging Analysis
From: John Adams <jna () retina net>
Date: Wed, 5 Mar 2003 13:50:56 -0800 (PST)
On Tue, 4 Mar 2003, Paul Stewart wrote:
> Hi everyone.. I'm new to the list and apologize if I'm asking a dumb question..:) We are looking at deploying Cisco PIX 501's for some smaller customers
> [...]
> Hopefully someone will tell me that open source solutions exist for Linux.. At least I can hope... At the moment I am syslogging everything back via UDP but what exists to analyze this data?
I wrote a log analysis tool awhile back for Pixie that is open source, and not complete, but it may provide some of the analysis you need. It's at:

http://www.retina.net/~jna/pixie

It uses PHP and MySQL to parse and analyze Pix syslog data, then it generates reports (like top # of denied hosts, # of denied ports, etc.) All of the data is hyperlinked so you can browse and traverse the dataset.

It worked well for a small company I was at a year or two ago.

-john

--
J. Adams http://www.retina.net/~jna
The secret of knowing where you are, is knowing what time it is. -- Anonymous
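Added example, not part of the original message and not Pixie's code: a minimal Python sketch of the kind of report described above (top denied source hosts and top denied destination ports) computed from PIX syslog lines. The message IDs handled (106001, 106006, 106023) and their layouts are assumptions about what the PIX emits, and the sample lines, addresses and the host name `pix501` are constructed.

```python
import re
from collections import Counter

# Constructed sample input (documentation addresses, hypothetical host "pix501").
SAMPLE = """\
Mar  5 13:01:02 pix501 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4312 dst inside:192.0.2.10/445 by access-group "acl_out"
Mar  5 13:01:05 pix501 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4313 dst inside:192.0.2.10/139 by access-group "acl_out"
Mar  5 13:01:09 pix501 %PIX-2-106001: Inbound TCP connection denied from 198.51.100.22/1045 to 192.0.2.10/445 flags SYN on interface outside
Mar  5 13:02:11 pix501 %PIX-2-106006: Deny inbound UDP from 203.0.113.7/1026 to 192.0.2.11/137 on interface outside
Mar  5 13:02:15 pix501 %PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.80/80 (198.51.100.80/80) to inside:192.0.2.50/3321 (192.0.2.10/3321)
Mar  5 13:02:40 pix501 %PIX-4-106023: Deny udp src outside:198.51.100.22/53 dst inside:192.0.2.
Mar  5 13:03:01 pix501 %PIX-4-106023: Deny tcp src outside:198.51.100.22/1046 dst inside:192.0.2.10/445 by access-group "acl_out"
"""

# Syslog prefix varies by collector, so anchor on the PIX tag itself.
MSG = re.compile(r"%PIX-\d-(?P<id>\d{6}): (?P<body>.*)")

# Deny message layouts, keyed by message ID (assumed formats, see lead-in).
DENY = {
    "106023": re.compile(r"Deny (?P<proto>\w+) src [^:\s]+:(?P<src>[\d.]+)/\d+ "
                         r"dst [^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+)"),
    "106001": re.compile(r"Inbound (?P<proto>TCP) connection denied from "
                         r"(?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/(?P<dport>\d+)"),
    "106006": re.compile(r"Deny inbound (?P<proto>UDP) from "
                         r"(?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/(?P<dport>\d+)"),
}

def summarize(text, top=3):
    """Return (top source hosts, top (proto, dst port) pairs, malformed deny count)."""
    hosts, ports, malformed = Counter(), Counter(), 0
    for line in text.splitlines():
        m = MSG.search(line)
        if not m or m["id"] not in DENY:
            continue                      # not a PIX deny message: ignore
        d = DENY[m["id"]].match(m["body"])
        if not d:
            malformed += 1                # deny ID present but body cut short or odd
            continue
        hosts[d["src"]] += 1
        ports[(d["proto"].lower(), int(d["dport"]))] += 1
    return hosts.most_common(top), ports.most_common(top), malformed

if __name__ == "__main__":
    top_hosts, top_ports, bad = summarize(SAMPLE)
    print("top denied hosts:", top_hosts)
    print("top denied ports:", top_ports)
    print("malformed deny lines:", bad)
```

Counting malformed deny lines separately keeps the totals honest when a message arrives cut short, which matters when syslog is carried over UDP.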