[146693] in North American Network Operators' Group
Re: ASA log viewer
daemon@ATHENA.MIT.EDU (Mike Lyon)
Sat Nov 19 20:31:43 2011
From: Mike Lyon <mike.lyon@gmail.com>
In-Reply-To: <CAP6RScQa8XFfO2FqxHgGdKALupoPDMay8CSHgqojUxWMGcEEFg@mail.gmail.com>
Date: Sat, 19 Nov 2011 17:30:40 -0800
To: Duane Toler <detoler@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Check out Splunk (www.splunk.com)
-mike
Sent from my iPhone
On Nov 19, 2011, at 16:51, Duane Toler <detoler@gmail.com> wrote:
> Hey NANOG!
>
> My employer is deploying Cisco ASA firewalls to our clients
> (specifically the 5505, 5510 for our smaller clients). We are having
> problems finding a decent log viewer. Several products seem to mean
> well, but they all fall short for various reasons. We primarily use
> Check Point firewalls, and for those of you with that experience, you
> know the SmartView Tracker is quite powerful. Is there anything
> close to the flexibility and filtering capabilities of Check Point's
> SmartView Tracker?
>
> For now, I've been dumping the logs via syslog with TLS using
> syslog-ng to our server, but that is mediocre at best with varying
> degrees of reliability. The syslog-ng server then sends that to a
> perl script to put that into a database. That allows us to run our
> monthly reports, but that doesn't help us with live or historical log
> parsing and filtering (see above, re: SmartView Tracker).
>
> If a customer called to help us troubleshoot connection issues over
> the past few days, there's no way to review the logs and figure out
> what happened back then. Every CCIE we've talked to, and Cisco
> themselves, seem to not care about firewall traffic logs or the
> ability to parse and review them. We know about Cisco Security
> Center, but that seems incapable of handling logs, etc. CS-MARS
> would've been great, but that's overpriced and now discontinued
> anyway. We'd hate to spend the time writing our own app if there's a
> viable product already available (we're willing to pay a reasonable
> price for one, too).
>
> Any ideas?
>
> Thanks!!
>
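The pipeline Duane describes (ASA syslog relayed by syslog-ng into a database) only supports historical filtering if the messages are parsed into fields first. The following is an added example, not part of the thread and not the perl script mentioned above: a small Python parser for the common ASA connection-built (302013) and ACL-deny (106023) messages, with a filter by peer address, time window and severity. The sample lines, the hostname and the year are constructed assumptions.

```python
"""Parse Cisco ASA syslog lines (as relayed by syslog-ng) and filter them by peer, time
window and severity. Added example (not the thread's perl script); samples are constructed."""
import re
from datetime import datetime

ASSUMED_YEAR = 2011  # BSD syslog timestamps carry no year; assumed for the sample
HEADER = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$")
EP = r"(?P<{p}_if>[\w-]+):(?P<{p}_ip>[\d.]+)/(?P<{p}_port>\d+)"  # interface:ip/port
BUILT = re.compile(r"Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection \d+ for "
                   + EP.format(p="src") + r" .*? to " + EP.format(p="dst"))
DENY = re.compile(r"Deny (?P<proto>\w+) src " + EP.format(p="src") + r" dst "
                  + EP.format(p="dst") + r' by access-group "(?P<acl>[^"]+)"')

SAMPLE = [  # constructed, not captured from a real firewall
    'Nov 19 16:51:02 fw01 %ASA-6-302013: Built outbound TCP connection 12345 for '
    'outside:203.0.113.5/443 (203.0.113.5/443) to inside:10.1.1.10/51234 (10.1.1.10/51234)',
    'Nov 19 16:52:30 fw01 %ASA-4-106023: Deny tcp src outside:198.51.100.7/4444 '
    'dst inside:10.1.1.20/22 by access-group "outside_in" [0x0, 0x0]',
    'Nov 19 16:53:05 fw01 syslog-ng[1234]: Log statistics; processed=1000',  # not an ASA line
]

def parse_line(line):
    """Dict for an ASA line (event 'built'/'deny'/'other'), None for anything else."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = {"time": datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
           "host": m["host"], "severity": int(m["sev"]), "msgid": m["msgid"],
           "event": "other", "body": m["body"]}
    for kind, pat in (("built", BUILT), ("deny", DENY)):
        hit = pat.search(m["body"])
        if hit:
            rec["event"] = kind
            rec.update(hit.groupdict())
            break
    return rec

def filter_events(records, host=None, since=None, until=None, max_severity=None):
    """The historical search the thread asks for: events touching `host` in a window.
    ASA severity runs 0 (emergency) to 7 (debug), so max_severity=4 keeps warnings and worse."""
    keep = []
    for r in records:
        if host and host not in (r.get("src_ip"), r.get("dst_ip")):
            continue
        if (since and r["time"] < since) or (until and r["time"] > until):
            continue
        if max_severity is None or r["severity"] <= max_severity:
            keep.append(r)
    return keep
```

Feeding the parsed dicts into the existing database instead of raw text is what makes "what did 10.1.1.20 do last Tuesday" a query rather than a grep.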