
Re: [fw-wiz] [OT?] Accounting from PIX Logs

To: "Shahin Ansari" <zohal52@yahoo.com>, "Firewall Wizards Security Mailing List" <firewall-wizards@listserv.icsalabs.com>
Subject: Re: [fw-wiz] [OT?] Accounting from PIX Logs
From: "Security Guy" <security@sligoinc.com>
Date: Wed, 28 Mar 2007 13:50:29 -0400
Delivered-to: sp-com-lists@consult.net
Delivered-to: fwwizards-list2@consult.net
Delivered-to: firewall-wizards@listserv.icsalabs.com
In-reply-to: <26672.45842.qm@web30706.mail.mud.yahoo.com>
List-archive: <https://listserv.icsalabs.com/pipermail/firewall-wizards>
List-help: <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=help>
List-id: Firewall Wizards Security Mailing List <firewall-wizards.listserv.icsalabs.com>
List-post: <mailto:firewall-wizards@listserv.icsalabs.com>
List-subscribe: <https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=subscribe>
List-unsubscribe: <https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=unsubscribe>
References: <92db0b590703280542s4b275793k1e35cfcc1adcca4d@mail.gmail.com> <26672.45842.qm@web30706.mail.mud.yahoo.com>
Reply-to: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Sender: firewall-wizards-bounces@listserv.icsalabs.com

Let me back up a second. I read your post and assumed you wanted deep
traffic analysis (source/destination/services/traffic amount,
netflow-type stuff). If that's the case, then the mirror port and
analysis box would be your best bet, as the PIX has pretty limited
capabilities for traffic accounting. There are thousands of free
analysis tools that can include IDS, packet inspection, etc. that will
do deep analysis.

However, if you just want to look at general system logging analysis
(rather than analyzing your traffic), you should look at splunk
(www.splunk.com) to sift through the logs that the PIX is forwarding
to your syslog server.

Also, just googling, but here's a decent list of log analysis tools:
http://www.loganalysis.org/sections/parsing/application-specific/index.html

-Karl

On 3/28/07, Shahin Ansari <zohal52@yahoo.com> wrote:
> Would mirroring inside traffic give you more information than the logging
> ability of the firewall?  Or is this done to relieve the burden from the
> firewall?  If this is discussed in the thread you sent, then please
> disregard my email.
>
> Security Guy <security@sligoinc.com> wrote:
> This perl script might help you:
>
> http://groups.google.ca/group/comp.dcom.sys.cisco/browse_thread/thread/972a527ba458f06/37ddb0b6234c1e48#37ddb0b6234c1e48
>
> another option (also discussed in that thread) would be to mirror the
> inside port of the PIX and run traffic analysis against that (there
> are numerous apps that will do this for you, I just can't think of any
> off the top of my head), but this would require a switch that supports
> mirroring and another box to do the analysis. More complicated, but
> you're probably going to get a more accurate reading than grokking what
> you get from the PIX syslog output.
>
> HTH
>
> -Karl
>
> On 3/27/07, Adrian Grigorof wrote:
> >
> > Hello,
> >
> > Not open source but good (we hope):
> > http://www.eventid.net/firegen/firegenpix2.asp (I am one of
> > the developers).
> >
> > Regards,
> >
> > Adrian Grigorof
> > www.altairtech.ca
> > www.eventid.net
> >
> >
> >
> > fRANz wrote:
> > Hi.
> > Can anyone suggest a good solution (preferably open source) for
> > summarizing and accounting Cisco PIX (ver. 6.x, 7.x) logs?
> >
> > Regards,
> > -f
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards@listserv.icsalabs.com
> > https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
> --
> -Karl


-- 
-Karl
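The thread asks for a way to do accounting from the syslog that the PIX forwards to a log server, and Karl's reply points at general log-sifting tools for that. As an added illustration (not code from this thread, nor from any of the tools mentioned in it), the script below does the simplest form of that accounting itself: it picks the connection "Teardown" messages out of a syslog feed and totals bytes and connection time per inside host and per service. It assumes the PIX 7.x message layout for IDs 302014 (TCP) and 302016 (UDP), "Teardown <proto> connection <id> for <if>:<ip>/<port> to <if>:<ip>/<port> duration h:mm:ss bytes <n>"; PIX 6.x uses a different faddr/gaddr/laddr layout and would need its own pattern. The sample log lines, interface name "inside" and addresses are constructed for the example.

```python
#!/usr/bin/env python3
"""Per-host / per-service byte accounting from PIX 7.x syslog "Teardown" messages.

Added example for the fw-wiz thread; not taken from the PIX, Splunk or any
tool named in the thread. Message layout is an assumption (PIX/ASA 7.x).
"""
import re
import sys
from collections import defaultdict

# Matches %PIX-6-302014 (TCP teardown) and %PIX-6-302016 (UDP teardown).
# Assumed 7.x layout; 6.x (302002 with faddr/gaddr/laddr) is not covered.
TEARDOWN_RE = re.compile(
    r"%PIX-\d-30201[46]: Teardown (?P<proto>TCP|UDP) connection \d+ for "
    r"(?P<s_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<d_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)"
)

# Constructed sample feed: one Built, three Teardowns, one Deny, one junk line.
SAMPLE_LOG = """\
Mar 28 13:50:01 pix %PIX-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.0.2.5/3456 (198.51.100.1/3456)
Mar 28 13:50:07 pix %PIX-6-302014: Teardown TCP connection 1001 for outside:203.0.113.10/80 to inside:192.0.2.5/3456 duration 0:00:06 bytes 48213 TCP FINs
Mar 28 13:50:09 pix %PIX-6-302016: Teardown UDP connection 1002 for outside:203.0.113.53/53 to inside:192.0.2.5/51234 duration 0:00:01 bytes 312
Mar 28 13:51:00 pix %PIX-6-302014: Teardown TCP connection 1003 for outside:203.0.113.20/443 to inside:192.0.2.7/4000 duration 0:02:10 bytes 1200000 TCP Reset-O
Mar 28 13:51:02 pix %PIX-4-106023: Deny tcp src outside:198.51.100.9/4444 dst inside:192.0.2.5/22 by access-group "outside_in"
this line is not a PIX message at all
"""


def duration_seconds(hms):
    """Convert the PIX 'h:mm:ss' duration field to seconds."""
    h, m, s = (int(part) for part in hms.split(":"))
    return h * 3600 + m * 60 + s


def parse_teardown(line):
    """Return a dict for a Teardown message, or None for any other line."""
    m = TEARDOWN_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    rec["seconds"] = duration_seconds(rec["dur"])
    return rec


def summarize(lines, inside_if="inside"):
    """Aggregate bytes/seconds per inside host and bytes per remote service.

    The inside host is whichever end sits on `inside_if`; the service key is
    the protocol plus the port on the other (remote) end of the connection.
    """
    bytes_by_host = defaultdict(int)
    seconds_by_host = defaultdict(int)
    bytes_by_service = defaultdict(int)
    connections = ignored = total = 0
    for line in lines:
        rec = parse_teardown(line)
        if rec is None:
            ignored += 1  # Built/Deny/other messages carry no byte counts
            continue
        if rec["d_if"] == inside_if:
            host, remote_port = rec["dst"], rec["sport"]
        else:
            host, remote_port = rec["src"], rec["dport"]
        service = f"{rec['proto']}/{remote_port}"
        bytes_by_host[host] += rec["bytes"]
        seconds_by_host[host] += rec["seconds"]
        bytes_by_service[service] += rec["bytes"]
        total += rec["bytes"]
        connections += 1
    return {
        "connections": connections,
        "ignored": ignored,
        "total_bytes": total,
        "bytes_by_host": dict(bytes_by_host),
        "seconds_by_host": dict(seconds_by_host),
        "bytes_by_service": dict(bytes_by_service),
    }


def format_report(summary):
    """Render the summary as a plain-text report, largest consumers first."""
    out = [f"connections: {summary['connections']}  "
           f"bytes: {summary['total_bytes']}  ignored lines: {summary['ignored']}",
           "-- bytes by inside host --"]
    for host, n in sorted(summary["bytes_by_host"].items(), key=lambda kv: -kv[1]):
        out.append(f"{host:<18} {n:>12} bytes {summary['seconds_by_host'][host]:>8} s")
    out.append("-- bytes by service --")
    for svc, n in sorted(summary["bytes_by_service"].items(), key=lambda kv: -kv[1]):
        out.append(f"{svc:<18} {n:>12} bytes")
    return "\n".join(out)


if __name__ == "__main__":
    # Read a real syslog file given on the command line, else the sample feed.
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    print(format_report(summarize(source)))
```

Only Teardown messages are counted because they are the ones that carry the byte total and duration; Built and Deny lines are tallied as ignored so a sudden jump in that figure hints that the firewall is logging at a level, or in a format, the pattern does not expect.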
