Re: ASA log viewer

[Jonathan Lassoff <jof () thejof com>]

On Sat, Nov 19, 2011 at 5:32 PM, Duane Toler <detoler () gmail com> wrote:

> On Sat, Nov 19, 2011 at 20:04, Jay Ashworth <jra () baylink com> wrote:
> > ----- Original Message -----
> > > From: "Duane Toler" <detoler () gmail com>
> >
> > > My employer is deploying CIsco ASA firewalls to our clients
> > > (specifically the 5505, 5510 for our smaller clients). We are having
> > > problems finding a decent log viewer. Several products seem to mean
> > > well, but they all fall short for various reasons. We primarily use
> > > Check Point firewalls, and for those of you with that experience, you
> > > know the SmartViewer Tracker is quite powerful. Is there anything
> > > close to the flexibility and filtering capabilities of Check Point's
> > > SmartView Tracker?
> >
> > Is your problem the aggregation proper, or the mining?
> >
> > Do the ASA's log to syslog?
> >
> > Cheers,
> > -- jra
> > --
>
> Yep, we log to syslog, and the issue is the mining.  Not that I/we
> *can't* grep/regex/sed/awk/perl our way thru the log files.  It's just
> that it's overly tedious.  Especially when compared to Check Point's
> product (given that they are aiming to compete...).

I'd second Mike's suggestion then -- check out Splunk. They make a
commercial log viewing, searching, and reporting product that's pretty
awesome. They license based on log volume, and the pricing scales somewhat
logarithmically. So, I would consider your log volume and budget before
sinking too much time into it.

There's a free trial installation and license that's available if you want
to try it out.

Cheers,
jof