Solved

Firewall Log Analyzer Recommendation Requested

Posted on 2010-09-21
4
508 Views
Last Modified: 2012-05-10
Can anyone recommend a good firewall log analyzer?  Currently we use ManageEngine Firewall Analyzer, which is great when it works, but it often does not work.  The firewall is a Cisco Pix.  We are looking to find a more reliable product that provides similar data.  For example, if we notice a spike in bandwidth usage, we want to be able to run a report that will immediately show the device that is using the bandwidth, and the IP address (or domain/URL) of the source the device is pulling data from.

Thanks
0
Comment
Question by:bezoid
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 21

Assisted Solution

by:Jakob Digranes
Jakob Digranes earned 166 total points
ID: 33724870
this one really kicks a_s when it comes to monitoring, reporting and blocking:
http://www.paloaltonetworks.com/

we've deployed quite a few, and they're integrated towards microsoft AD if you need user names, it inspects SSL traffic (as well as http) - and let you block URLs and all you need really.
They almost always is able to discover threats that no other systems do
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 334 total points
ID: 33725008
You might also consider adding something like NTOP to your toolbox:
http://www.ntop.org/news.php

0
 

Author Comment

by:bezoid
ID: 33725256
Thanks - While the PaloAlto solution looks robust, we are looking for something that will work with our current firewall, a Cisco PIX.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 334 total points
ID: 33725869
NTOP is firewall independent. Connect it to a SPAN port on the switch with the firewall port mirrored.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question