Firewall Wizards mailing list archives
Re: [OT?] Accounting from PIX Logs
From: "Security Guy" <security () sligoinc com>
Date: Wed, 28 Mar 2007 13:50:29 -0400
Let me back up a second. I read your post and assumed you wanted deep traffic analysis (source/destination/services/traffic amount, netflow-type stuff). If that's the case, then the mirror port and analysis box would be your best bet, as the PIX has pretty limited capabilities for traffic accounting. There are thousands of free analysis tools that can include IDS, packet inspection, etc., that will do deep analysis.

However, if you just want to look at general system logging analysis (rather than analyzing your traffic), you should look at splunk (www.splunk.com) to sift through the logs that the PIX is forwarding to your syslog server.

Also, just googling, but here's a decent list of log analysis tools: http://www.loganalysis.org/sections/parsing/application-specific/index.html

-Karl

On 3/28/07, Shahin Ansari <zohal52 () yahoo com> wrote:
Would mirroring inside traffic give you more information than the logging ability of the firewall? Or is this done to relieve the burden from the firewall? If this is discussed in the thread you sent, then please disregard my email.

Security Guy <security () sligoinc com> wrote:

This perl script might help you: http://groups.google.ca/group/comp.dcom.sys.cisco/browse_thread/thread/972a527ba458f06/37ddb0b6234c1e48#37ddb0b6234c1e48

Another option (also discussed in that thread) would be to mirror the inside port of the PIX and run traffic analysis against that (there are numerous apps that will do this for you, I just can't think of any off the top of my head), but this would require a switch that supports mirroring and another box to do the analysis. More complicated, but you're probably going to get a more accurate reading than grokking what you get from the PIX syslog output.

HTH
-Karl

On 3/27/07, Adrian Grigorof wrote:

Hello,
Not open source but good (we hope): http://www.eventid.net/firegen/firegenpix2.asp (I am one of the developers).
Regards,
Adrian Grigorof
www.altairtech.ca
www.eventid.net

fRANz wrote:

Hi.
Can anyone suggest a good solution (preferably open source) for summarizing and accounting Cisco PIX (ver. 6.x, 7.x) logs?
Regards,
-f
--
-Karl
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
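An added example, not from the thread and not the perl script or any tool the posters mention: a small Python accounting pass over the PIX connection-teardown syslog lines, which is the raw material every syslog-based approach in this thread has to work from. The layout of the 302014 (TCP teardown) and 302016 (UDP teardown) messages is reproduced from memory of the PIX 6.x/7.x syslog reference, and the sample log lines are constructed for this example; check the regex against your own syslog output before trusting the numbers.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not from any real device). Built (302013)
# and Deny (106023) lines are included on purpose: they must be skipped.
SAMPLE_LOG = """\
Mar 28 13:40:01 pix %PIX-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.5/80 (203.0.113.5/80) to inside:10.0.0.5/3456 (192.0.2.1/1024)
Mar 28 13:40:06 pix %PIX-6-302014: Teardown TCP connection 1001 for outside:203.0.113.5/80 to inside:10.0.0.5/3456 duration 0:00:05 bytes 12345 TCP FINs
Mar 28 13:41:00 pix %PIX-6-302016: Teardown UDP connection 1002 for outside:198.51.100.9/53 to inside:10.0.0.5/4000 duration 0:00:02 bytes 210
Mar 28 13:42:10 pix %PIX-6-302014: Teardown TCP connection 1003 for outside:203.0.113.7/443 to inside:10.0.0.8/5120 duration 0:02:10 bytes 987654 TCP Reset-O
Mar 28 13:43:00 pix %PIX-6-302014: Teardown TCP connection 1004 for dmz:172.16.0.2/25 to inside:10.0.0.8/5200 duration 1:00:00 bytes 4096 TCP FINs
Mar 28 13:44:00 pix %PIX-4-106023: Deny tcp src outside:203.0.113.9/1234 dst inside:10.0.0.5/22 by access-group "outside_in"
"""

# Teardown message layout as assumed here (PIX 6.x/7.x; %ASA prefix accepted too):
#   Teardown <TCP|UDP> connection <id> for <if>:<ip>/<port> to <if>:<ip>/<port>
#   duration <h:mm:ss> bytes <n> [reason]
TEARDOWN_RE = re.compile(
    r"%(?:PIX|ASA)-\d-30201[46]: Teardown (?P<proto>TCP|UDP) connection (?P<id>\d+) "
    r"for (?P<if_a>[\w-]+):(?P<ip_a>[\d.]+)/(?P<port_a>\d+) "
    r"to (?P<if_b>[\w-]+):(?P<ip_b>[\d.]+)/(?P<port_b>\d+) "
    r"duration (?P<dur>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+)"
)


def parse_duration(text):
    """'h:mm:ss' -> seconds."""
    h, m, s = (int(x) for x in text.split(":"))
    return h * 3600 + m * 60 + s


def parse_teardown(line, local_if="inside"):
    """Return an accounting record for one teardown line, or None if the line
    is not a teardown or does not have exactly one endpoint on local_if.

    The endpoint on local_if is treated as the local host being accounted for;
    the other endpoint's port is taken as the service (assumption: the PIX
    prints the inside host as the endpoint tagged with the inside interface,
    whichever side of 'for ... to ...' it appears on)."""
    m = TEARDOWN_RE.search(line)
    if not m:
        return None
    ends = [(m["if_a"], m["ip_a"], int(m["port_a"])),
            (m["if_b"], m["ip_b"], int(m["port_b"]))]
    local = [e for e in ends if e[0] == local_if]
    remote = [e for e in ends if e[0] != local_if]
    if len(local) != 1:
        return None  # hairpin (both ends local) or transit (neither end local)
    return {
        "proto": m["proto"],
        "local_ip": local[0][1],
        "remote_ip": remote[0][1],
        "service": f"{m['proto'].lower()}/{remote[0][2]}",
        "bytes": int(m["bytes"]),
        "duration": parse_duration(m["dur"]),
    }


def account(log_text, local_if="inside"):
    """Aggregate teardown byte counts per local host and per remote service.
    Returns (per_host, per_service, connections_counted, lines_skipped)."""
    per_host = defaultdict(int)
    per_service = defaultdict(int)
    conns = skipped = 0
    for line in log_text.splitlines():
        rec = parse_teardown(line, local_if)
        if rec is None:
            skipped += 1
            continue
        conns += 1
        per_host[rec["local_ip"]] += rec["bytes"]
        per_service[rec["service"]] += rec["bytes"]
    return dict(per_host), dict(per_service), conns, skipped


def top_talkers(per_host, n=10):
    """Hosts sorted by bytes, largest first."""
    return sorted(per_host.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    hosts, services, conns, skipped = account(SAMPLE_LOG)
    print(f"{conns} connections accounted, {skipped} lines skipped")
    for ip, b in top_talkers(hosts):
        print(f"{ip:<16} {b:>10} bytes")
    for svc, b in sorted(services.items(), key=lambda kv: kv[1], reverse=True):
        print(f"{svc:<10} {b:>10} bytes")
```

Two caveats that explain Karl's point about a mirror port being more accurate: the byte count exists only on the teardown line, so a long-lived connection shows up in the interval in which it closes rather than when the traffic actually flowed, and syslog over UDP can silently drop messages, so these totals are a lower bound. The skipped-line counter is worth watching for the same reason; a sudden rise in it usually means a format you are not matching rather than quiet traffic.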
Current thread:
- [OT?] Accounting from PIX Logs fRANz (Mar 27)
- Re: [OT?] Accounting from PIX Logs Meenoo Shivdasani (Mar 27)
- Re: [OT?] Accounting from PIX Logs Adrian Grigorof (Mar 27)
- Re: [OT?] Accounting from PIX Logs Security Guy (Mar 28)
- Re: [OT?] Accounting from PIX Logs Shahin Ansari (Mar 28)
- Message not available
- Re: [OT?] Accounting from PIX Logs Security Guy (Mar 28)
- Re: [OT?] Accounting from PIX Logs Security Guy (Mar 28)
- <Possible follow-ups>
- Re: [OT?] Accounting from PIX Logs Brian Ford (brford) (Mar 28)
- Re: [OT?] Accounting from PIX Logs fRANz (Mar 28)
- Re: [OT?] Accounting from PIX Logs Security Guy (Mar 28)
- Re: [OT?] Accounting from PIX Logs fRANz (Mar 28)