Firewall Wizards mailing list archives

RE: PIX Logging Analysis


From: "Perrymon, Josh L." <PerrymonJ () bek com>
Date: Wed, 19 Mar 2003 15:25:05 -0600

This is an interesting problem with the PIX. I'm looking into writing a log
viewer myself. The problem is that I don't know of a way for the PIX to
report this data to my backend. From what I know I only get info from debugs
and so on... I would like to have something that listed all the traffic
passing through the PIX.. This has to be possible..

Anyway, I think it's great that some of this is being developed by security
professionals.

-Joshua Perrymon
Network Security Consultant

-----Original Message-----
From: John Adams [mailto:jna () retina net]
Sent: Wednesday, March 05, 2003 3:51 PM
To: Paul Stewart
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] PIX Logging Analysis


On Tue, 4 Mar 2003, Paul Stewart wrote:

> Hi everyone..
>
> I'm new to the list and apologize if I'm asking a dumb question..:)
>
> We are looking at deploying Cisco PIX 501's for some smaller customers
> [...]
>
> Hopefully someone will tell me that open source solutions exist for
> Linux.. At least I can hope... At the moment I am syslogging everything
> back via UDP but what exists to analyze this data?

I wrote a log analysis tool awhile back for Pixie that is open source, and 
not complete, but it may provide some of the analysis you need.

It's at:

http://www.retina.net/~jna/pixie

It uses PHP and MySQL to parse and analyze PIX syslog data, then it
generates reports (like top # of denied hosts, # of denied ports, etc.).

All of the data is hyperlinked so you can browse and traverse the dataset. 
It worked well for a small company I was at a year or two ago. 

-john 

-- 
J. Adams                                        http://www.retina.net/~jna

The secret of knowing where you are, is knowing what time it is. --
Anonymous


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
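
The kind of report described in the thread above (top denied hosts and denied ports from PIX syslog data), as an added example that is not part of the original messages and is not Pixie's code. It assumes PIX messages 106023 and 106001 in Cisco's documented layout; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (documentation address ranges), shaped like PIX
# syslog messages 106023 (ACL deny), 106001 (inbound TCP denied) and 302013.
SAMPLE_LOG = """\
Mar 05 2003 15:51:02 192.0.2.1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4021 dst inside:198.51.100.10/135 by access-group "acl_out"
Mar 05 2003 15:51:03 192.0.2.1 %PIX-4-106023: Deny udp src outside:203.0.113.7/1026 dst inside:198.51.100.10/137 by access-group "acl_out"
Mar 05 2003 15:51:05 192.0.2.1 %PIX-2-106001: Inbound TCP connection denied from 203.0.113.44/3310 to 198.51.100.10/135 flags SYN  on interface outside
Mar 05 2003 15:51:06 192.0.2.1 %PIX-6-302013: Built inbound TCP connection 88 for outside:203.0.113.9/2200 (203.0.113.9/2200) to inside:198.51.100.10/80 (198.51.100.10/80)
Mar 05 2003 15:51:09 192.0.2.1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4022 dst inside:198.51.100.11/445 by access-group "acl_out"
Mar 05 2003 15:51:10 192.0.2.1 %PIX-4-106023: Deny icmp src outside:203.0.113.44 dst inside:198.51.100.10 (type 8, code 0) by access-group "acl_out"
"""

# Optional "interface:" prefix, dotted-quad address, optional "/port".
ADDR = r"(?:[\w-]+:)?(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d+))?"
PATTERNS = [
    re.compile(r"%PIX-\d-106023: Deny (\w+) src " + ADDR + r" dst " + ADDR),
    re.compile(r"%PIX-\d-106001: Inbound (TCP) connection denied from "
               + ADDR + r" to " + ADDR),
]

def parse_denies(text):
    """Yield (proto, src_ip, dst_ip, dst_port) per deny line; skip other lines."""
    for line in text.splitlines():
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                proto, src, _sport, dst, dport = m.groups()
                # ICMP denies carry no port, so dst_port is None for them.
                yield proto.lower(), src, dst, int(dport) if dport else None
                break

def report(text, n=3):
    """Return (top denied source hosts, top denied (proto, dst_port) pairs)."""
    hosts, ports = Counter(), Counter()
    for proto, src, _dst, dport in parse_denies(text):
        hosts[src] += 1
        if dport is not None:
            ports[(proto, dport)] += 1
    return hosts.most_common(n), ports.most_common(n)

if __name__ == "__main__":
    top_hosts, top_ports = report(SAMPLE_LOG)
    for host, count in top_hosts:
        print(f"{count:4d} denies from {host}")
    for (proto, port), count in top_ports:
        print(f"{count:4d} denies to {proto}/{port}")
```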