Solved

Help with PIX, Syslog, KIWI

Posted on 2004-09-15
3
1,365 Views
Last Modified: 2010-04-09
I have a pix firewall 501.  I need to parse the syslog files into something I can use with crystal reports.  So in essence I need date, time, source ip, destination ip (or url),

I have been playing with kiwi but have not been able to get it to work as I am sure of all the steps involved.  
Need help in steps (like setup custome file format, then setup output file, then ....) in getting this working.

Also need help (I believe) in getting a custom script in kiwi to output above.  

Thanks for your help and guidance.

Terry
0
Comment
Question by:terryhdbailey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12072437
You've managed to setup syslog to send data from PIX to Kiwi ?
This shows you how:

http://www.cisco.com/warp/public/110/pixsyslog.html#pi4.3x

Now...  as for file formats, I wouldn't bother messing around with them, but get a product that understands PIX syslog files - like eiqFirewallAnalyzer http://www.eiqnetworks.com/products/securityanalytics.shtml, or Network Intelligence (super-capable SYSLOG server), or SawMill http://www.sawmill.net/formats/PIX_Firewall_Syslog_Server_Format.html or A.N.Other - there are plenty around !!

0
 

Author Comment

by:terryhdbailey
ID: 12075947
Does Sawmill also capture the syslog  or does it have to be captured with something else?

Yes I have the pix 501 sending me syslog messages now.  udp port 514.


thanks terry
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 500 total points
ID: 12089442
It's a log file analyser, so you do need a syslog server at some stage to generate the logs for Sawmill to analyse.
Here's another reasonable log analysis tool:

http://www.reportgen.com/downloads.htm

The intergrated syslog servers / log analyzers tend to cost a LOT more !!
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Objects in Cisco ASA 2 56
Cisco ASA 5510 Question 2 31
types of VPN 2 57
Cisco L3 Switch - Show DHCP Server's IP Address for every VLAN 3 15
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question