Firewall Wizards mailing list archives
Re: Cisco PIX log analyzer, parser, reporter?
From: Devdas Bhagat <dvb () users sourceforge net>
Date: Sat, 7 Oct 2006 12:21:00 +0530
On 04/10/06 19:44 -0700, Vahid Pazirandeh wrote:
> That got your attention didn't it? I know this is a lengthy subject, because I was reading through the other thread titled "parsing logs ultra-fast inline". Is there a "logwatch" equivalent that reports on PIX v7.x logs (not v6)? Logwatch (http://freshmeat.net/projects/logwatch/) is just so simple, and does some reporting on syslog files. I just have one PIX device to worry about. Should I just come up with a list of include/exclude regexps instead of trying to find some tool? Should I collect iptables logs too?
That would depend on how complex you are trying to make your parser. A simplistic parser would allow you to filter out noise in the logs, and let you focus on the objects of interest. Collecting iptables logs as well is a good idea, provided that you can do something with them.
> I'm probably missing the bigger picture of network security reporting. Your experience and helpful tips are appreciated. :-)
The loganalysis list would probably be a better place to look for that information.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
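Added example (not part of the thread, and not code from either poster): the "list of include/exclude regexps" approach the question asks about, written as a small logwatch-style reporter for PIX 7.x syslog. It relies only on the documented shape of Cisco PIX/ASA syslog messages, a "%PIX-<severity>-<message-id>:" prefix followed by the message text. The sample log lines, the noise and interest lists, and the message IDs singled out are constructed for illustration; tune them to what your own device actually emits before trusting a daily report built on them.

```python
"""Logwatch-style noise filter and summary for Cisco PIX 7.x syslog lines.

Added example: a minimal include/exclude-regexp reporter, not a tool from
the mailing-list thread. Sample log lines below are constructed.
"""
import re
from collections import Counter

# Cisco PIX/ASA/FWSM syslog messages carry a "%DEV-<sev>-<6-digit id>:" tag;
# anything before it (syslog priority, timestamp, hostname) is ignored here.
PIX_RE = re.compile(
    r"%(?P<dev>PIX|ASA|FWSM)-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<msg>.*)$"
)
# Source address inside an access-list deny message ("src <iface>:<ip>/<port>").
SRC_RE = re.compile(r"\bsrc [^:\s]+:(\d+(?:\.\d+){3})/")

# Exclude first, include second, then fall back on severity. Both lists are
# assumptions for this example: connection build/teardown and dynamic-xlate
# messages are treated as noise, access-list and auth/config messages as signal.
EXCLUDE = [re.compile(p) for p in (r"^30201[3-6]$", r"^30501[12]$")]
INCLUDE = [re.compile(p) for p in (r"^106\d{3}$", r"^611\d{3}$", r"^111\d{3}$")]
MAX_SEV_KEPT_BY_DEFAULT = 3  # 0..3 = emergencies..errors survive even if unlisted


def parse_pix_line(line):
    """Return a dict for a PIX-format line, or None if it is not one."""
    m = PIX_RE.search(line)
    if not m:
        return None
    return {"dev": m["dev"], "sev": int(m["sev"]), "id": m["id"], "msg": m["msg"]}


def wanted(event):
    """Apply the exclude/include lists, then a severity floor."""
    if any(r.match(event["id"]) for r in EXCLUDE):
        return False
    if any(r.match(event["id"]) for r in INCLUDE):
        return True
    return event["sev"] <= MAX_SEV_KEPT_BY_DEFAULT


def report(lines):
    """Summarise a batch of syslog lines the way a daily logwatch run would."""
    parsed = [parse_pix_line(l) for l in lines if l.strip()]
    unparsed = sum(1 for e in parsed if e is None)
    events = [e for e in parsed if e is not None]
    kept = [e for e in events if wanted(e)]
    by_id = Counter(e["id"] for e in kept)
    deny_src = Counter()
    for e in kept:
        if e["id"] == "106023":  # access-group deny: count offending sources
            m = SRC_RE.search(e["msg"])
            if m:
                deny_src[m.group(1)] += 1
    return {"total": len(events), "kept": len(kept), "unparsed": unparsed,
            "by_id": by_id, "deny_src": deny_src}


def format_report(r):
    out = [f"PIX events: {r['total']} parsed, {r['kept']} reported, "
           f"{r['unparsed']} non-PIX lines skipped", "Reported message IDs:"]
    out += [f"  {mid}: {n}" for mid, n in r["by_id"].most_common()]
    if r["deny_src"]:
        out.append("Top sources denied by access-group:")
        out += [f"  {ip}: {n}" for ip, n in r["deny_src"].most_common(5)]
    return "\n".join(out)


# Constructed sample input (not a real capture); message texts follow the
# usual PIX wording but were written for this example.
SAMPLE = """\
Oct  7 12:01:02 pix %PIX-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.7/51234 (198.51.100.7/51234) to inside:192.0.2.10/80 (203.0.113.1/80)
Oct  7 12:01:03 pix %PIX-6-302014: Teardown TCP connection 12345 for outside:198.51.100.7/51234 to inside:192.0.2.10/80 duration 0:00:01 bytes 1234 TCP FINs
Oct  7 12:01:05 pix %PIX-4-106023: Deny tcp src outside:203.0.113.5/4321 dst inside:192.0.2.10/22 by access-group "outside_access_in" [0x0, 0x0]
Oct  7 12:01:06 pix %PIX-4-106023: Deny tcp src outside:203.0.113.5/4322 dst inside:192.0.2.10/23 by access-group "outside_access_in" [0x0, 0x0]
Oct  7 12:01:07 pix %PIX-4-106023: Deny udp src outside:203.0.113.9/53 dst inside:192.0.2.11/38072 by access-group "outside_access_in" [0x0, 0x0]
Oct  7 12:01:09 pix %PIX-6-305011: Built dynamic TCP translation from inside:10.0.0.5/33445 to outside:203.0.113.1/1025
Oct  7 12:02:00 pix %PIX-6-611101: User authentication succeeded: Uname: admin
Oct  7 12:02:10 pix %PIX-5-111008: User 'admin' executed the 'configure terminal' command.
<162>Oct  7 12:02:30 pix %PIX-2-106001: Inbound TCP connection denied from 198.51.100.20/55555 to 192.0.2.10/445 flags SYN on interface outside
Oct  7 12:03:00 pix last message repeated 3 times
"""

if __name__ == "__main__":
    print(format_report(report(SAMPLE.splitlines())))
```

The order matters: exclusions run first so a chatty message ID can never sneak back in through the severity floor, and the floor only applies to IDs neither list names, which is how you notice a new message type the first time the device emits it instead of silently dropping it. Feed it `tail -n +1 /var/log/pix.log` (or whatever your syslog server writes) from cron and diff successive reports; iptables lines will simply count as non-PIX and can get their own small parser on the same model.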
Current thread:
- Cisco PIX log analyzer, parser, reporter? Vahid Pazirandeh (Oct 06)
- Re: Cisco PIX log analyzer, parser, reporter? Brian Loe (Oct 08)
- Scans on UDP 38072 Adrian Grigorof (Oct 27)
- Re: Scans on UDP 38072 PaulM (Oct 29)
- Scans on UDP 38072 Adrian Grigorof (Oct 27)
- Re: Cisco PIX log analyzer, parser, reporter? Devdas Bhagat (Oct 08)
- Re: Cisco PIX log analyzer, parser, reporter? Brian Loe (Oct 08)