I came across this same problem recently at a client site. I am in the
process of writing a SQL database for the Syslog information. The Win32 Kiwi
Syslog ($49.95) will log directly to a SQL server through an ODBC
connection. I recommend logging locally to a file on the Syslog server as
well in case your database fills up/goes offline, etc. Basically they have
the database fields defined for you, as of the newer versions they are
configurable. After that you just write a couple general reports to search
through using a form in Microsoft Access. The reports take between 2 and 4
seconds to run on the active log content, and 30 seconds to 4 minutes on the
historical content. I working on writing some SQL script that will actually
parse the messages and break them out into their relevant parts, address
port protocol etc and store them in the historical table in a more compact
format. You may not want to keep all the data also. I am working on scripts
to scrub the data also, and remove things like "no translation group..."
from the historical. I have kinda gotten stalled as the database is
functional for basic searches and that is what I really needed. I am doing
it to learn SQL, but it is quite an undertaking. We looked at PrivateI but
they wanted $3500, forget, it, write your own. You will learn a lot more
about what each message in the Pix means that way, they all have a numerical
message identifier that can be used to parse thm based on type, I think that
is how PrivateI works too.
Ken Claussen MCSE CCNA CCA
[EMAIL PROTECTED]
"The Mind is a Terrible thing to Waste!"
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Tim Gallagher
Sent: Wednesday, May 02, 2001 11:32 AM
To: '[EMAIL PROTECTED]'
Subject: Low cost of free log analysizer
I have a client that is in dire need of a FW log analysizer however with
budget belts tightening all over I have started turning over rocks looking
for a half way decent analysizer that is either freeware or lost cost (like
under $200). I've worked with products like privateI but they simply don't
have the funds.
Any suggestions?
Thanks
Tim
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
