I have a pix 506 firewall that I am monitoring through syslogs.
I have a 600 MB syslog file for the last 10 days. during those 10 days, somebody made some config changes to the firewall and now something's not working.
How can I analyze the syslog file to find out who did what? (other people have access to the pix besides me.)
I use sawmill to analyze syslogs for traffic patterns / anomalies etc.
is there a program which would analyze the syslogs for config changes?
P.S. the syslogs are debug level, which is supposed to capture everything right?