Looking for a log viewer for PIX

Go to

and download Syslog junction

Ghareeb Rahi wrote:

In article , Ghareeb Rahi wrote: :Does any one know of a good log viewer for PIX. I downloaded kiwiLog, which :is good but its too much data in raw format. I need to see traffic going :in/out from one of our servers and it is a pain to read the logs manually.

There isn't one, really.

If all you need is very simple traffic volume plotting, then you can use the PIX plugin for "sawmill".

If what you need is to zero in on just the records for the server, but you want to look at all of them in their original formats, then log to a file and "grep" the relevant IP address from the file. [Okay, "find" instead of "grep" since KiwiLog implies you are working with Windows]

If you were logging to a Unix-type box, you could get a more sophisticated syslogd that could break the output up into files based upon regular expressions and other criteria.

If you want to do a bit of traffic analysis then you could adapt the simple perl script I posted,

Network Intelligence used to have a product that did firewall log analysis, but they discontinued that.

Most analysis beyond the above is done by custom proprietary tools.

[I've considered putting together a commercial product myself, but considering the relatively low response level on this topic, I am doubtful that the market would be big enough to make the effort worthwhile... not unless I actively went around to companies and plugged it. Firewall log analysis is, though, largely part of the broader topic of Intrusion Analysis, which is a significantly more difficult task.]

CSMARS from Cisco will distill logs from PIX, syslog, eventlog, etc. down into correlated events. It's a hardware appliance which is a recent acquisition (formerly Protego). It's not cheap, but it's designed to do what you are asking.

Thanks. Syslog junction is nice and is doing exactly what I wanted.