On 04/10/06 19:44 -0700, Vahid Pazirandeh wrote:
> That got your attention didn't it? I know this is a lengthy subject,
> because I was reading through the other thread titled "parsing logs
> ultra-fast inline".
>
> Is there a "logwatch" equivalent that reports on PIX v7.x logs (not v6)?
> Logwatch (http://freshmeat.net/projects/logwatch/) is just so simple, and does
> some reporting on syslog files.
>
> I just have one PIX device to worry about. Should I just come up with a list
> of include/exclude regexps instead of trying to find some tool? Should I
> collect iptables logs too?
>

That would depend on how complex you are trying to make your parser. A
simplistic parser would allow you to filter out noise in the logs, and
let you focus on the objects of interest. Collecting iptables logs as
well is a good idea, provided that you can do something with them.

> I'm probably missing the bigger picture of network security reporting. Your
> experience and helpful tips are appreciated. :-)
>

The loganalysis list would probably be a better place to look for that
information.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards