ASA VPN log to SQL Server Database.

How would one get these logs into a SQL Server database? DTS does not seem capable, and the files aren't necessarily comma-delimited.

Reply to
rschweiger

Create a text field and push the entire line into it.

If you want to get ambitious, parse the time out and use that as one of the keys -- but note there are at least 3 different time formats and you may have to take into account "daylight savings time".

If you want to get finer grained than that, you first have to define what information you want extracted from each of the several hundred different potential PIX/ASA messages. Then you need to go over the PIX/ASA command reference documentation line by line in order to find out what the limitations are on each field; following that you will have to examine the error message specifications. This will allow you to discover the many fields whose structure is not defined, so you will then need to set up a test lab in order to provoke each different message in each of its possible modes so that you can figure out what the -real- message format is. Then you will have to figure out how to parse the fields out of the actual message formats, which will effectively require context-sensitive parsing with backtracking [because some of the configurable fields can be set to values that -happen- to look like part of the message syntax...]

When you get to the point where you have figured out what parts of each line to extract and how to reliably extract the information, you will discover that some of the values of the fields have semantic meaning which depends upon previous messages, or whose semantic meaning can only be discovered by deduction over sets of log messages (easier, possibly, just to parse the configuration file to discover the relevant information.) So you could put the tokenized information into an SQL database, but unless you run a parser over the logs that tracks all the active connections, you will not be able to do reasonable semantic analysis of the information...

Network Intelligence used to make a program that parsed PIX logs (amongst other types of logs) into an SQL database, but they dropped the product a few years ago... which was just as well, as the product was slow and missed important semantic information more often than not.

What is the goal for which putting the data into an SQL database would be the tool? There might be easier methods.

Reply to
Walter Roberson
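
The first two steps of the reply above (keep the whole line in a text column, pull the time out as a key), as an added example that is not part of the original thread. The three timestamp layouts, the `asa_log` table and its column names are assumptions, the sample lines are constructed, and an in-memory SQLite database stands in for SQL Server.

```python
import re
import sqlite3
from datetime import datetime

# Assumed layouts (the thread names none), tried in order: ISO 8601, year, no year.
TS_PATTERNS = [
    (re.compile(r"\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:Z|[+-]\d\d:\d\d)"), None),
    (re.compile(r"[A-Z][a-z]{2} +\d{1,2} \d{4} \d\d:\d\d:\d\d"), "%b %d %Y %H:%M:%S"),
    (re.compile(r"[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d"), "%Y %b %d %H:%M:%S"),
]
TAG = re.compile(r"%(?:ASA|PIX)-(\d)-(\d{6})")  # %ASA-<severity>-<message id>

SAMPLE = [  # constructed lines, not captured from a device
    "Mar  9 23:59:58 fw1 %ASA-6-302013: constructed text",
    "Mar 10 2024 02:30:00: %ASA-4-113019: constructed text",
    "2024-03-10T07:30:01Z fw1 : %ASA-6-302013: constructed text",
    "free text with no timestamp and no message tag",
]


def parse_ts(line, default_year):
    """Return (iso_timestamp, has_offset), or (None, None) if nothing parses."""
    for rx, fmt in TS_PATTERNS:
        m = rx.search(line)
        if not m:
            continue
        text = " ".join(m.group(0).split())  # collapse "Mar  9" padding
        try:
            if fmt is None:
                dt = datetime.fromisoformat(text.replace("Z", "+00:00"))
            else:  # a layout without a year gets the caller's year prepended
                src = f"{default_year} {text}" if fmt.startswith("%Y ") else text
                dt = datetime.strptime(src, fmt)
        except ValueError:
            continue  # looked like a timestamp but is not a valid date
        return dt.isoformat(), int(fmt is None)
    return None, None


def load(lines, default_year):
    db = sqlite3.connect(":memory:")  # stand-in for the SQL Server table
    db.execute("CREATE TABLE asa_log (id INTEGER PRIMARY KEY, ts TEXT, ts_has_offset"
               " INTEGER, severity INTEGER, msg_id TEXT, raw TEXT NOT NULL)")
    for line in lines:  # log text is untrusted input: bind it, never concatenate
        tag = TAG.search(line)
        sev, msg_id = (int(tag.group(1)), tag.group(2)) if tag else (None, None)
        db.execute("INSERT INTO asa_log (ts, ts_has_offset, severity, msg_id, raw)"
                   " VALUES (?, ?, ?, ?, ?)", (*parse_ts(line, default_year), sev, msg_id, line))
    return db
```

Rows with `ts_has_offset = 0` carry device-local time, so they are the ones affected by the daylight saving caveat; the `raw` column always holds the untouched line, including lines where nothing could be parsed.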
