Hi Oscar,
They are Free! =)
What do you mean when you say "handling the logs"? Can you be a little more specific?
Do you just want to scan through your logs? Or do you want an application that will
filter your log files for key phrases or "signatures"?
Logging is a very complex issue. You can set your PIX to log verbose (debugging) to
see everything (this is good for configuring to see exactly what's going on). Or you
can set your PIX to log only "critical" activity.
Check out:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/config/config.htm#xtocid2081550
Next you need to determine what OS your syslog server will be running to run the
appropriate syslog application.
I just grep my logfiles for phrases that match a set of signatures that I have
determined to be intrusive. You can do this with just about any word processing
application as well, for example Star Writer from Star Office has a search function
that works well.
Now if you're an ISP and your logs are 100gig a day you probably won't want to take
this approach =).
If anyone has an application that will parse standard syslog output automatically for
predetermined signatures I would definitely be interested in talking to you. Not an
IDS mind you, all I want to do is parse standard syslog output.
cheers..
Marc..
>>> Oscar Rau <[EMAIL PROTECTED]> 08/30/00 01:27PM >>>
What tools are out there for handling the logs for Cisco PIX? How expensive
are these tools? I am in fact looking for something that is inexpensive for
log analysis for PIX.
Any info appreciated. Thank you in advance.
--
Oscar Rau
[EMAIL PROTECTED]
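
Added example, not part of the original thread: a small Python scanner for the approach Marc describes, matching PIX syslog lines against a predetermined signature set and dropping anything less severe than a chosen level. The `%PIX-<severity>-<id>:` tag layout, the signature names and patterns, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed tag layout: %PIX-<severity>-<message id>: <text>, where severity
# follows syslog levels (0 = emergencies ... 7 = debugging).
PIX_TAG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d+):\s*(?P<text>.*)")

# Hypothetical signature set: name -> regex applied to the message text.
SIGNATURES = {
    "denied-inbound": re.compile(r"\b(?:deny|denied)\b", re.I),
    "telnet-target": re.compile(r"\bto \S+/23\b"),
}

# Constructed sample lines (documentation addresses, illustrative ids and text).
SAMPLE_LOG = [
    "Aug 30 13:27:01 pix1 %PIX-2-106001: Inbound TCP connection denied "
    "from 192.0.2.10/4312 to 198.51.100.5/23 flags SYN on interface outside",
    "Aug 30 13:27:02 pix1 %PIX-6-302001: Built inbound TCP connection 101 "
    "for faddr 192.0.2.44/1050 gaddr 198.51.100.5/80 laddr 10.1.1.5/80",
    "Aug 30 13:27:05 pix1 %PIX-3-106010: Deny inbound tcp "
    "src outside:192.0.2.10/4313 dst inside:198.51.100.5/25",
    "Aug 30 13:27:09 pix1 %PIX-7-111009: User 'enable_1' executed cmd: show logging",
    "Aug 30 13:27:11 host2 sshd[212]: line from another device, no PIX tag",
]

def scan(lines, max_severity=4):
    """Return (line number, severity, message id, signature) for each hit."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = PIX_TAG.search(line)
        if not m:
            continue                      # not a PIX message
        sev = int(m["sev"])
        if sev > max_severity:
            continue                      # noisier than the chosen level
        for name, rx in SIGNATURES.items():
            if rx.search(m["text"]):
                hits.append((lineno, sev, m["msgid"], name))
    return hits

def summarize(hits):
    """Count hits per signature name."""
    return Counter(name for *_, name in hits)

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```
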
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]