terryhdbailey
asked on
Help with PIX, Syslog, KIWI
I have a PIX firewall 501. I need to parse the syslog files into something I can use with Crystal Reports. So in essence I need date, time, source IP, destination IP (or URL),
I have been playing with Kiwi but have not been able to get it to work as I am sure of all the steps involved.
Need help in steps (like set up custom file format, then set up output file, then ....) in getting this working.
Also need help (I believe) in getting a custom script in Kiwi to output above.
Thanks for your help and guidance.
Terry
ASKER
Does Sawmill also capture the syslog or does it have to be captured with something else?
Yes, I have the PIX 501 sending me syslog messages now. UDP port 514.
Thanks, Terry
ASKER CERTIFIED SOLUTION
This shows you how:
http://www.cisco.com/warp/public/110/pixsyslog.html#pi4.3x
Now... as for file formats, I wouldn't bother messing around with them, but get a product that understands PIX syslog files - like eiqFirewallAnalyzer (http://www.eiqnetworks.com/products/securityanalytics.shtml), or Network Intelligence (super-capable SYSLOG server), or SawMill (http://www.sawmill.net/formats/PIX_Firewall_Syslog_Server_Format.html) or A.N.Other - there are plenty around!!
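For readers who still want the fields from the question (date, time, source IP, destination IP or URL) in a file a reporting tool can load, here is an added example that is not part of the original thread. It assumes a Kiwi-style tab-separated log line and the usual shapes of PIX messages 304001 and 106023; the function names and sample lines are constructed for illustration.

```python
import csv
import io
import re

# Assumed line layout (Kiwi-style, tab separated):
#   "YYYY-MM-DD HH:MM:SS" <TAB> Facility.Level <TAB> sending host <TAB> message
# Only two PIX message shapes are handled: 304001 (URL accessed) and
# 106023 (packet denied by an access-group). Other messages are skipped.
URL_RE = re.compile(
    r"%PIX-\d-304001: (?:\S+@)?(?P<src>[\d.]+) Accessed (?:JAVA )?URL "
    r"(?P<dst>[\d.]+):\s*(?P<url>\S*)")
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny \S+ src \S+?:(?P<src>[\d.]+)(?:/\d+)? "
    r"dst \S+?:(?P<dst>[\d.]+)(?:/\d+)?")
FIELDS = ["date", "time", "event", "src_ip", "dst_ip", "url"]

def parse_line(line):
    """Return a dict of report fields, or None for lines we do not handle."""
    parts = line.rstrip("\r\n").split("\t", 3)
    if len(parts) != 4:
        return None
    date, _, time = parts[0].partition(" ")
    for event, regex in (("url", URL_RE), ("deny", DENY_RE)):
        m = regex.search(parts[3])
        if m:
            fields = m.groupdict()
            return {"date": date, "time": time, "event": event,
                    "src_ip": fields["src"], "dst_ip": fields["dst"],
                    "url": fields.get("url", "")}
    return None

def to_csv(lines):
    """Render the handled lines as CSV text with a header row."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(r for r in map(parse_line, lines) if r)
    return out.getvalue()

# Constructed sample lines (not taken from a real firewall).
SAMPLE = [
    "2005-03-01 12:00:01\tLocal4.Notice\t192.168.1.1\t%PIX-5-304001: 192.168.1.10 Accessed URL 203.0.113.5:/index.html",
    "2005-03-01 12:00:07\tLocal4.Warning\t192.168.1.1\t%PIX-4-106023: Deny tcp src outside:198.51.100.7/4431 dst inside:192.168.1.10/80 by access-group \"acl_out\"",
    "2005-03-01 12:00:09\tLocal4.Info\t192.168.1.1\t%PIX-6-302013: Built outbound TCP connection 101 for outside:203.0.113.5/80 (203.0.113.5/80) to inside:192.168.1.10/1025 (192.0.2.1/1025)",
]

if __name__ == "__main__":
    print(to_csv(SAMPLE), end="")
```

The URL column is text chosen by the remote site and the client, so it goes through the `csv` module's quoting rather than being joined by hand; further message IDs can be added as extra `(event, regex)` pairs.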