Home page logo

basics logo Security Basics mailing list archives

RE: Other way to view PIX syslog ?
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Mon, 11 Nov 2002 09:14:05 -0000

I agree with Chris, Perl is indeed your friend.  I would use a web
interface which I find easier for this type of work.

There is a product called sysklogd which will run on a linux machine and
place your logs into mysql.  Then the Perl and web interface will make
life very easy as you can run queries on time, ip address, etc.

Kiwi I would recommend but you didn't like it.  Winsyslog is another one
on this line that you may find better.  If it is only one or two PIX
boxes then I would go with a Linux machine with Apache, Perl, MySQL and
Sysklogd.  In no time at all you have a central logging server with a
nice web front end to view all the logs.

Trevor Cushen
Sysnet Ltd

Tel: +353 1 2983000
Fax: +353 1 2960499

-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com] 
Sent: 08 November 2002 19:42
To: security-basics () securityfocus com
Subject: Re: Other way to view PIX syslog ?

From: "mathieu008 ." <mathieu0008 () hotmail com>
I'm tired of reading my 6 megs of PIX syslog messages using
there a program out there with a GUI and options like "put in order of 
ports requests".
Even better, if there is an message or log analyzer (which would make a

little bit like an IDS)
I tried Kiwi Deamon but couldn't make it work...didn't bother because
didn't look nice

Perl is your friend, you could write a script to do that in about three 
lines.  Writing your own Perl/TK gui interface would be a little more 
complicated depending on how many features you want, but still probably
about two pages of code.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"And here in our server room you can see our Beowolf Cluster of C64's
keeps our enterprise on the very cutting edge of technology."

MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. 


This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 

If you have received this message in error please notify SYSNET Ltd., at
telephone no: +353-1-2983000 or postmaster () sysnet ie


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]