FirewallWizards

Re: [fw-wiz] Reporting Server

To: "Firewall Wizards Security Mailing List" <firewall-wizards@listserv.icsalabs.com>
Subject: Re: [fw-wiz] Reporting Server
From: "K K" <kkadow@gmail.com>
Date: Fri, 6 Apr 2007 14:32:48 -0500
Delivered-to: sp-com-lists@consult.net
Delivered-to: fwwizards-list2@consult.net
Delivered-to: firewall-wizards@listserv.icsalabs.com
In-reply-to: <1175787099.9857.1.camel@mail.etronicsinc.com>
List-archive: <https://listserv.icsalabs.com/pipermail/firewall-wizards>
List-help: <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=help>
List-id: Firewall Wizards Security Mailing List <firewall-wizards.listserv.icsalabs.com>
List-post: <mailto:firewall-wizards@listserv.icsalabs.com>
List-subscribe: <https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=subscribe>
List-unsubscribe: <https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=unsubscribe>
References: <1175787099.9857.1.camel@mail.etronicsinc.com>
Reply-to: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Sender: firewall-wizards-bounces@listserv.icsalabs.com
On 4/5/07, Eric Anderson <strasser@etronics-online.com> wrote:

> I'm interested in what other admins are using for a
> reporting server for syslog analysis.

There are two issues here, loosely coupled:
  1) Receiving syslog events.
  2) Generating reports.

For #1, I prefer to use syslog-ng to accept and filter syslog events.
A free and very flexible syslog daemon, syslog-ng has a commercial
branch coming soon; see http://www.balabit.com/products/syslog_ng/


> syslog server receiving packets from a PIX 515E and I want to run reports on 
> IP traffic.

There are a number of free products to parse and report PIX log data;
the first place to start is Marcus Ranum's canonical site,
http://www.loganalysis.org/

One issue with syslog from PIX firewalls is that you either have to
live with the problem of dropped UDP log packets, or live with the TCP
logging "feature" Cisco invented, where the firewall will stop
accepting connections if it can't write to the log server.

Kevin
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
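The two halves Kevin separates above, receiving the events and generating reports from them, meet in a small parser: once syslog-ng has written the PIX lines to disk, something has to pick out the connection and deny messages and count them. The following is an added example, not code from the original post or from any of the products it mentions. It parses two common PIX message types (302013 "Built ... connection" and 106023 "Deny ... by access-group", in the field layout Cisco documents for those ids) and produces the kind of per-source and per-port summary a reporting server would show. The log lines, hostname `pix-fw` and all addresses are constructed sample data; counter names such as `denied_by_src` are this example's own.

```python
"""Parse Cisco PIX syslog lines and summarise IP traffic (added example)."""
import re
from collections import Counter

# Header every PIX message carries: %PIX-<severity>-<message id>: <body>
PIX_HEADER = re.compile(r"%PIX-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$")
# 302013: a permitted connection was built (real addr/port, mapped addr/port in parentheses).
BUILT = re.compile(
    r"Built (?:inbound|outbound) (?P<proto>TCP|UDP) connection \d+ for "
    r"(?P<if1>\w+):(?P<ip1>[\d.]+)/(?P<port1>\d+) \([\d.]+/\d+\) to "
    r"(?P<if2>\w+):(?P<ip2>[\d.]+)/(?P<port2>\d+)")
# 106023: a packet was denied by an access-group.
DENY = re.compile(
    r"Deny (?P<proto>\w+) src (?P<sif>\w+):(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r'dst (?P<dif>\w+):(?P<dip>[\d.]+)/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"')

# Constructed sample lines (hypothetical host and addresses), as a syslog daemon
# such as syslog-ng would store them; the last line is deliberately not a PIX message.
SAMPLE_LOG = """\
Apr  6 14:01:02 pix-fw %PIX-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.0.2.20/41000 (192.0.2.20/41000)
Apr  6 14:01:03 pix-fw %PIX-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:192.0.2.21/41001 (192.0.2.21/41001)
Apr  6 14:01:05 pix-fw %PIX-4-106023: Deny tcp src outside:198.51.100.7/53122 dst inside:192.0.2.30/22 by access-group "outside_access_in"
Apr  6 14:01:06 pix-fw %PIX-4-106023: Deny tcp src outside:198.51.100.7/53123 dst inside:192.0.2.30/23 by access-group "outside_access_in"
Apr  6 14:01:07 pix-fw %PIX-4-106023: Deny udp src outside:198.51.100.9/1024 dst inside:192.0.2.30/161 by access-group "outside_access_in"
Apr  6 14:01:08 pix-fw %PIX-6-302014: Teardown TCP connection 1001 for outside:203.0.113.10/80 to inside:192.0.2.20/41000 duration 0:00:05 bytes 1234 TCP FINs
Apr  6 14:01:09 pix-fw some unrelated line without a PIX message id
"""


def parse_line(line):
    """Return a dict describing one PIX syslog line, or None if it is not a PIX message."""
    m = PIX_HEADER.search(line)
    if not m:
        return None
    rec = {"sev": int(m.group("sev")), "msgid": m.group("msgid"), "kind": "other"}
    body = m.group("body")
    b = BUILT.match(body)
    if b:
        # The first endpoint is the one after "for"; for outbound connections
        # that is the remote (outside) side.
        rec.update(kind="built", proto=b.group("proto").lower(),
                   endpoint=f"{b.group('ip1')}:{b.group('port1')}")
        return rec
    d = DENY.match(body)
    if d:
        rec.update(kind="deny", proto=d.group("proto").lower(), src=d.group("sip"),
                   dst=d.group("dip"), dport=int(d.group("dport")), acl=d.group("acl"))
    return rec


def build_report(lines):
    """Aggregate parsed lines into the counters a reporting page would display."""
    rep = {"total": 0, "unparsed": 0, "by_msgid": Counter(),
           "denied_by_src": Counter(), "denied_by_dport": Counter(),
           "built_by_endpoint": Counter()}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rep["total"] += 1
        rec = parse_line(line)
        if rec is None:            # keep a count so silent parser gaps are visible
            rep["unparsed"] += 1
            continue
        rep["by_msgid"][rec["msgid"]] += 1
        if rec["kind"] == "deny":
            rep["denied_by_src"][rec["src"]] += 1
            rep["denied_by_dport"][f"{rec['proto']}/{rec['dport']}"] += 1
        elif rec["kind"] == "built":
            rep["built_by_endpoint"][rec["endpoint"]] += 1
    return rep


def render_report(rep, top=5):
    """Format the counters as plain text, most frequent first."""
    out = [f"lines: {rep['total']} (unparsed: {rep['unparsed']})"]
    for title, key in (("Denied, by source", "denied_by_src"),
                       ("Denied, by dest port", "denied_by_dport"),
                       ("Built connections, by first endpoint", "built_by_endpoint")):
        out.append(title + ":")
        out.extend(f"  {n:6d}  {k}" for k, n in rep[key].most_common(top))
    return "\n".join(out)


if __name__ == "__main__":
    print(render_report(build_report(SAMPLE_LOG.splitlines())))
```

The unparsed counter matters in practice: if the log server is fed over UDP and drops packets, or a PIX software upgrade changes a message layout, a report that silently ignores lines it cannot parse will look complete while understating traffic, so the count of lines the parser did not recognise belongs on the report itself.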
