[146695] in North American Network Operators' Group
Re: ASA log viewer
daemon@ATHENA.MIT.EDU (Duane Toler)
Sat Nov 19 20:33:13 2011
In-Reply-To: <14658629.3421.1321751045105.JavaMail.root@benjamin.baylink.com>
Date: Sat, 19 Nov 2011 20:32:15 -0500
From: Duane Toler <detoler@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, Nov 19, 2011 at 20:04, Jay Ashworth <jra@baylink.com> wrote:
> ----- Original Message -----
>> From: "Duane Toler" <detoler@gmail.com>
>
>> My employer is deploying Cisco ASA firewalls to our clients
>> (specifically the 5505, 5510 for our smaller clients). We are having
>> problems finding a decent log viewer. Several products seem to mean
>> well, but they all fall short for various reasons. We primarily use
>> Check Point firewalls, and for those of you with that experience, you
>> know the SmartView Tracker is quite powerful. Is there anything
>> close to the flexibility and filtering capabilities of Check Point's
>> SmartView Tracker?
>
> Is your problem the aggregation proper, or the mining?
>
> Do the ASA's log to syslog?
>
> Cheers,
> -- jra
> --
Yep, we log to syslog, and the issue is the mining. Not that I/we
*can't* grep/regex/sed/awk/perl our way thru the log files. It's just
that it's overly tedious. Especially when compared to Check Point's
product (given that they are aiming to compete...).