Firewall Wizards mailing list archives

Re: Cisco PIX log analyzer, parser, reporter?


From: Devdas Bhagat <dvb () users sourceforge net>
Date: Sat, 7 Oct 2006 12:21:00 +0530

On 04/10/06 19:44 -0700, Vahid Pazirandeh wrote:
> That got your attention didn't it?  I know this is a lengthy subject,
> because I was reading through the other thread titled "parsing logs
> ultra-fast inline".

> Is there a "logwatch" equivalent that reports on PIX v7.x logs (not v6)?
> Logwatch (http://freshmeat.net/projects/logwatch/) is just so simple, and does
> some reporting on syslog files.

> I just have one PIX device to worry about.  Should I just come up with a list
> of include/exclude regexps instead of trying to find some tool?  Should I
> collect iptables logs too?

That would depend on how complex you are trying to make your parser. A
simplistic parser would allow you to filter out noise in the logs, and
let you focus on the objects of interest. Collecting iptables logs as
well is a good idea, provided that you can do something with them.

> I'm probably missing the bigger picture of network security reporting.  Your
> experience and helpful tips are appreciated. :-)

The loganalysis list would probably be a better place to look for that
information.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
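The "simplistic parser" Devdas describes, a list of include/exclude regexps that drops connection-build/teardown noise and leaves the messages worth reading, is easy to sketch. The following is an added example for this archive page, written in Python; it is not code from either poster. The log lines are constructed for the example (the message IDs 302013, 302014, 305011, 106023 and 111008 are standard PIX syslog IDs, but the hosts, ports and timestamps are invented), and the summary it prints is a stand-in for the kind of daily report logwatch would produce.

```python
import re
from collections import Counter

# Constructed sample PIX 7.x syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Oct  7 12:00:01 fw01 %PIX-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.0.2.5/51000 (198.51.100.1/51000)
Oct  7 12:00:02 fw01 %PIX-6-302014: Teardown TCP connection 12345 for outside:203.0.113.10/80 to inside:192.0.2.5/51000 duration 0:00:01 bytes 1500 TCP FINs
Oct  7 12:00:03 fw01 %PIX-4-106023: Deny tcp src outside:198.51.100.77/4444 dst inside:192.0.2.5/22 by access-group "outside_in" [0x0, 0x0]
Oct  7 12:00:04 fw01 %PIX-4-106023: Deny tcp src outside:198.51.100.77/4445 dst inside:192.0.2.5/23 by access-group "outside_in" [0x0, 0x0]
Oct  7 12:00:05 fw01 %PIX-6-305011: Built dynamic TCP translation from inside:192.0.2.5/51001 to outside:198.51.100.1/51001
Oct  7 12:00:06 fw01 %PIX-5-111008: User 'admin' executed the 'configure terminal' command.
Oct  7 12:00:07 fw01 %PIX-6-302013: Built outbound TCP connection 12346 for outside:203.0.113.11/443 (203.0.113.11/443) to inside:192.0.2.6/51002 (198.51.100.1/51002)
"""

# Every PIX message carries "%PIX-<severity>-<6-digit id>: <text>".
MSG_RE = re.compile(r"%PIX-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)$")

# Exclude list: expected, high-volume messages (connection build/teardown, xlate).
EXCLUDE = [re.compile(p) for p in (r"%PIX-6-30201[34]:", r"%PIX-6-30501[12]:")]
# Include list: what survives the exclude list must also match one of these
# (severity 0-4, plus the "user ran a config command" audit message).
INCLUDE = [re.compile(p) for p in (r"%PIX-[0-4]-", r"%PIX-5-111008:")]


def filter_lines(log, include=INCLUDE, exclude=EXCLUDE):
    """Return the lines that are neither excluded noise nor outside the include set."""
    kept = []
    for line in log.splitlines():
        if any(r.search(line) for r in exclude):
            continue
        if include and not any(r.search(line) for r in include):
            continue
        kept.append(line)
    return kept


def summarize(lines):
    """Count kept messages by ID, and count ACL denies by destination host/port."""
    by_id = Counter()
    denied_dst = Counter()
    for line in lines:
        m = MSG_RE.search(line)
        if not m:
            continue
        by_id[m.group("id")] += 1
        if m.group("id") == "106023":  # Deny by access-group
            d = re.search(r"dst \w+:([^/\s]+)/(\d+)", m.group("text"))
            if d:
                denied_dst[(d.group(1), int(d.group(2)))] += 1
    return by_id, denied_dst


if __name__ == "__main__":
    kept = filter_lines(SAMPLE_LOG)
    by_id, denied_dst = summarize(kept)
    print(f"{len(kept)} of {len(SAMPLE_LOG.splitlines())} lines kept after filtering")
    for msg_id, n in by_id.most_common():
        print(f"  {msg_id}: {n}")
    print("Denied destinations:")
    for (host, port), n in denied_dst.most_common():
        print(f"  {host}:{port}  {n}")
```

Running the order as exclude-then-include means a line has to clear both lists, so adding a new noisy ID to EXCLUDE never accidentally widens what the report shows; new signal goes into INCLUDE. The same structure takes iptables `Netfilter` lines unchanged if you give it a second MSG_RE and pattern set, which is the "provided that you can do something with them" caveat in practice.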

