Re: PIX Logging Analysis

[Mike Hoskins <mike () adept org>]

From: "Paul Stewart" <pauls () nexicom net>
Date: Tue, 4 Mar 2003 20:17:46 -0500
> We are looking at deploying Cisco PIX 501's for some smaller customers
> connected via DSL.  Their requests vary from wanting basic information
> on what we are protecting them from using a PIX right up to one customer
> who would like real-time or even within a few hours a listing of what
> all their employees are doing on the Internet.

Could "what [you] are protecting them from" simply be defined in your
security policy, or do they really want to know precisely what they're
being hit with in realtime?  If they won't have someone onsite that can
respond, realtime notification is probably overkill.

> Hopefully someone will tell me that open source solutions exist for
> Linux.. At least I can hope... At the moment I am syslogging everything
> back via UDP but what exists to analyize this data?

The periodic email should certainly be possible using opensource tools
with access to syslogs...  Also, based upon what you choose to log, you
may want to consider TCP logging between the remote offices and your
central site.

You should check out Tina's loganlysis mailing list:

http://lists.shmoo.com/mailman/listinfo/loganalysis

Also lots of useful info/tools on the lists' homepage:

http://www.counterpane.com/log-analysis.html

-mrh

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards