[146699] in North American Network Operators' Group


Re: ASA log viewer

daemon@ATHENA.MIT.EDU (Beavis)
Sat Nov 19 21:19:35 2011

In-Reply-To: <-7906887935908757220@unknownmsgid>
Date: Sat, 19 Nov 2011 20:19:24 -0600
From: Beavis <pfunix@gmail.com>
To: Mike Lyon <mike.lyon@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

+1 here. I use Splunk for sorting out logs; pretty cool tool. Easy to install.

On Sat, Nov 19, 2011 at 7:30 PM, Mike Lyon <mike.lyon@gmail.com> wrote:
> Check out Splunk (www.splunk.com)
>
> -mike
>
> Sent from my iPhone
>
> On Nov 19, 2011, at 16:51, Duane Toler <detoler@gmail.com> wrote:
>
>> Hey NANOG!
>>
>> My employer is deploying Cisco ASA firewalls to our clients
>> (specifically the 5505, 5510 for our smaller clients). We are having
>> problems finding a decent log viewer. Several products seem to mean
>> well, but they all fall short for various reasons. We primarily use
>> Check Point firewalls, and for those of you with that experience, you
>> know the SmartView Tracker is quite powerful. Is there anything
>> close to the flexibility and filtering capabilities of Check Point's
>> SmartView Tracker?
>>
>> For now, I've been dumping the logs via syslog with TLS using
>> syslog-ng to our server, but that is mediocre at best with varying
>> degrees of reliability. The syslog-ng server then sends that to a
>> perl script to put that into a database. That allows us to run our
>> monthly reports, but that doesn't help us with live or historical log
>> parsing and filtering (see above, re: SmartView Tracker).
>>
>> If a customer called to help us troubleshoot connection issues over
>> the past few days, there's no way to review the logs and figure out
>> what happened back then. Every CCIE we've talked to, and Cisco
>> themselves, seem to not care about firewall traffic logs or the
>> ability to parse and review them. We know about Cisco Security
>> Center, but that seems incapable of handling logs, etc. CS-MARS
>> would've been great, but that's overpriced and now discontinued
>> anyway. We'd hate to spend the time writing our own app if there's a
>> viable product already available (we're willing to pay a reasonable
>> price for one, too).
>>
>> Any ideas?
>>
>> Thanks!!
>>
>
>



-- 
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Disclaimer:
http://goldmark.org/jeff/stupid-disclaimers/

