On 04/10/06 19:44 -0700, Vahid Pazirandeh wrote:
> That got your attention didn't it? I know this is a lengthy subject,
> because I was reading through the other thread titled "parsing logs
> ultra-fast inline".
> Is there a "logwatch" equivalent that reports on PIX v7.x logs (not v6)?
> Logwatch (http://freshmeat.net/projects/logwatch/) is just so simple, and does
> some reporting on syslog files.
> I just have one PIX device to worry about. Should I just come up with a list
> of include/exclude regexps instead of trying to find some tool? Should I
> collect iptables logs too?

That would depend on how complex you are trying to make your parser. A
simplistic parser would allow you to filter out noise in the logs, and
let you focus on the objects of interest. Collecting iptables logs as
well is a good idea, provided that you can do something with them.

> I'm probably missing the bigger picture of network security reporting. Your
> experience and helpful tips are appreciated. :-)

The loganalysis list would probably be a better place to look for that.

Devdas Bhagat
firewall-wizards mailing list
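The include/exclude regexp approach discussed above, as an added example that is not part of the thread and not a logwatch script: a small Python filter that reads PIX 7.x-style syslog lines, drops routine connection build/teardown chatter, always reports warning-or-worse messages and a short include list, and surfaces any message type it has not seen before so new noise or new problems are noticed rather than silently dropped. The sample lines are constructed (hostname, addresses and connection IDs are made up, using documentation address ranges), and the exact message texts and IDs are assumptions about the PIX format rather than taken from the post.

```python
import re
from collections import Counter

# Constructed sample lines in PIX 7.x syslog layout; not from the post.
# Addresses are from RFC 5737 documentation ranges, IDs are made up.
SAMPLE_LOG = """\
Apr 10 19:44:01 fw1 %PIX-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.168.1.20/51000 (198.51.100.5/51000)
Apr 10 19:44:02 fw1 %PIX-6-302014: Teardown TCP connection 12345 for outside:203.0.113.10/80 to inside:192.168.1.20/51000 duration 0:00:01 bytes 4321 TCP FINs
Apr 10 19:44:03 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.77/4444 dst inside:192.168.1.20/22 by access-group "outside_in"
Apr 10 19:44:04 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.77/4445 dst inside:192.168.1.20/23 by access-group "outside_in"
Apr 10 19:44:05 fw1 %PIX-6-305011: Built dynamic TCP translation from inside:192.168.1.20/51001 to outside:198.51.100.5/51001
Apr 10 19:44:06 fw1 %PIX-3-305005: No translation group found for tcp src outside:203.0.113.77/4446 dst inside:192.168.1.20/80
Apr 10 19:44:07 fw1 %PIX-5-111008: User 'enable_15' executed the 'logging host inside 192.168.1.5' command.
Apr 10 19:44:08 fw1 last message repeated 2 times
"""

# Assumed header of every PIX message: %PIX-<severity>-<message id>: <text>
PIX_RE = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$")

# Exclude list: per-connection chatter that dominates volume and carries no
# new information for a daily report (connection built/torn down, NAT created).
EXCLUDE = [
    re.compile(r"^Built (inbound|outbound) (TCP|UDP) connection"),
    re.compile(r"^Teardown (TCP|UDP) connection"),
    re.compile(r"^Built dynamic (TCP|UDP) translation"),
]

# Include list: always reported, checked before the exclude list so a broad
# exclude pattern can never hide them.
INCLUDE = [
    re.compile(r"^Deny "),
    re.compile(r"executed the '.*' command"),
]

REPORT_SEVERITY = 4  # warning (4) or more urgent is always reported


def classify(line):
    """Return (kind, msgid, text) where kind is 'report', 'noise' or 'unparsed'."""
    m = PIX_RE.search(line)
    if not m:
        # Not a PIX message (e.g. a syslog "repeated" line): report separately
        # rather than drop, so format changes do not go unnoticed.
        return ("unparsed", None, line.rstrip())
    sev, msgid, text = int(m.group("sev")), m.group("msgid"), m.group("text")
    if sev <= REPORT_SEVERITY or any(p.search(text) for p in INCLUDE):
        return ("report", msgid, text)
    if any(p.search(text) for p in EXCLUDE):
        return ("noise", msgid, text)
    # Info/debug message with no exclude rule: unknown type, surface it.
    return ("report", msgid, text)


def summarize(log_text):
    """Logwatch-style summary: reported line count per message ID, the reported
    lines, number of lines dropped as noise, and lines that were not parsed."""
    per_id = Counter()
    reported, unparsed = [], []
    noise = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        kind, msgid, text = classify(line)
        if kind == "report":
            per_id[msgid] += 1
            reported.append((msgid, text))
        elif kind == "noise":
            noise += 1
        else:
            unparsed.append(text)
    return {"per_id": per_id, "reported": reported, "noise": noise, "unparsed": unparsed}


def render(summary):
    """Plain-text report in the spirit of a logwatch section."""
    out = ["Reported messages by ID:"]
    for msgid, n in sorted(summary["per_id"].items()):
        out.append(f"  {msgid}: {n}")
    out.append(f"Lines dropped as noise: {summary['noise']}")
    if summary["unparsed"]:
        out.append("Unparsed lines:")
        out.extend("  " + u for u in summary["unparsed"])
    return "\n".join(out)


if __name__ == "__main__":
    print(render(summarize(SAMPLE_LOG)))
```

The ordering matters: severity and include checks run before the exclude list, and anything the exclude list does not recognise is reported, so the only way a line disappears is to add an explicit exclude pattern for it. The same structure works for iptables syslog lines by swapping the header regexp and the pattern lists.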