Solved

Help with PIX, Syslog, KIWI

Posted on 2004-09-15
3
1,372 Views
Last Modified: 2010-04-09
I have a pix firewall 501.  I need to parse the syslog files into something I can use with crystal reports.  So in essence I need date, time, source ip, destination ip (or url),

I have been playing with kiwi but have not been able to get it to work as I am sure of all the steps involved.  
Need help in steps (like setup custome file format, then setup output file, then ....) in getting this working.

Also need help (I believe) in getting a custom script in kiwi to output above.  

Thanks for your help and guidance.

Terry
0
Comment
Question by:terryhdbailey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12072437
You've managed to setup syslog to send data from PIX to Kiwi ?
This shows you how:

http://www.cisco.com/warp/public/110/pixsyslog.html#pi4.3x

Now...  as for file formats, I wouldn't bother messing around with them, but get a product that understands PIX syslog files - like eiqFirewallAnalyzer http://www.eiqnetworks.com/products/securityanalytics.shtml, or Network Intelligence (super-capable SYSLOG server), or SawMill http://www.sawmill.net/formats/PIX_Firewall_Syslog_Server_Format.html or A.N.Other - there are plenty around !!

0
 

Author Comment

by:terryhdbailey
ID: 12075947
Does Sawmill also capture the syslog  or does it have to be captured with something else?

Yes I have the pix 501 sending me syslog messages now.  udp port 514.


thanks terry
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 500 total points
ID: 12089442
It's a log file analyser, so you do need a syslog server at some stage to generate the logs for Sawmill to analyse.
Here's another reasonable log analysis tool:

http://www.reportgen.com/downloads.htm

The intergrated syslog servers / log analyzers tend to cost a LOT more !!
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question