Re: [FW-1] FW-1 Logs to syslog server

Subject:	Re: [FW-1] FW-1 Logs to syslog server
From:	cisco4ng <cisco4ng AT YAHOO DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Tue, 7 Jun 2005 11:51:24 -0700

Hi,
I know this for a fact:
 
1) Evential can NOT analyze pix log 7.0 and Netscreen 5.3.  Furthermore, it can 
log analyze log from Cisco 12.3 either.
 
www.high-tower.com is what tom needs.  It gather all the logs from all devices 
on
your network, analyze it and turn it into an IDS.
 


Reinhard Stich <r.stich AT INTERNET-SECURITY DOT AT> wrote:
hi,

At 20:01 07.06.2005, cisco4ng wrote:
>http://www.high-tower.com.
>
>This appliance is exactly what you need. It works with
>Netscreen, Checkpoint, Cisco IOS, Pix, and much more.
>Eventia only works with checkpoint.

that's wrong, eventia is also able to analyze pix logs and others.

but I think tom want's something different ...

>Tom Louis wrote:
>I am looking into possible solutions to putting all of
>our logs into a single repository, I have been looking
>at eventia which I like the product, it does a good
>job of digging through the logs and making some
>reports which turns your logs into an IDS.

you can enable syslog on your checkpoint mgmt-station and have syslog 
information in the checkpoint log database, then eventia also gets these logs.

>But I am also looking at sending the checkpoint logs
>to a syslog server and I am curious is this possible
>to have checkpoint ship logs off as syslog?

there is no standard-feature. if you want the logs in real-time there you 
will need to script something. if you do a "fw log" on a module you see the 
logs as a text in the console - so you need to send this output via syslog ...

cheers
reinhard

>We already have a huge syslog server and I would like
>to use it also, but I can not find where to tell
>checkpoint to ship out syslog.
>
>Thanks for your help
>
>Tom
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================
>
>__________________________________________________
>Do You Yahoo!?
>Tired of spam? Yahoo! Mail has the best spam protection around
>http://mail.yahoo.com
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================

-- 
Reinhard Stich ASSIST R.Stich AT internet-security DOT at
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

                
---------------------------------
Discover Yahoo!
 Have fun online with music videos, cool games, IM & more. Check it out!

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] FW-1 Logs to syslog server, Tom Louis Re: [FW-1] FW-1 Logs to syslog server, cisco4ng Re: [FW-1] FW-1 Logs to syslog server, Reinhard Stich Re: [FW-1] FW-1 Logs to syslog server, cisco4ng <= Re: [FW-1] FW-1 Logs to syslog server, Reinhard Stich [FW-1] Running HP Proliant health management drivers (HPASM) on Secure Platform, Alan Choyna Re: [FW-1] Running HP Proliant health management drivers (HPASM) on Secure Platform, cisco4ng Re: [FW-1] FW-1 Logs to syslog server, Steffen Re: [FW-1] FW-1 Logs to syslog server, Tom Louis [FW-1] IPSO code explaination, Dong Lin Re: [FW-1] IPSO code explaination, Carole Berger Re: [FW-1] IPSO code explaination, Dong Lin Re: [FW-1] IPSO code explaination, Reinhard Stich Re: [FW-1] IPSO code explaination, Ray

Previous by Date:	Re: [FW-1] NGX vs R55 ????, Reinhard Stich
Next by Date:	Re: [FW-1] FW-1 Logs to syslog server, Reinhard Stich
Previous by Thread:	Re: [FW-1] FW-1 Logs to syslog server, Reinhard Stich
Next by Thread:	Re: [FW-1] FW-1 Logs to syslog server, Reinhard Stich
Indexes:	[Date] [Thread] [Top] [All Lists]