I have four PIX firewalls that I manage. I also have one FreeBSD IDS (Snort -> MySQL -> ACID). I have recently gotten to the point where I need to centralize the monitoring. I have two network monitoring systems: one is Win2K, which runs CiscoWorks 2k Routed WAN and SolarWinds Bandwidth Monitor, and the other is Red Hat 7.1 running MRTG, Apache and various Perl scripts I use for rolling out changes to the network. I am considering adding a Free(or Open)BSD IDS at every firewall and was thinking of using each as a local syslog server as well, but my staff needs an easy GUI for sorting through syslog messages to debug PIX problems. I would like to maintain a syslog server/IDS at each site and have the syslog messages collected in a central location where a Windows-based tool can be used to filter through all the entries at once. I do want each site to have its own copy of the local syslog messages in case the WAN goes down, but I do not want the staff to have to connect to each individual server. Any suggestions?
