Tool for log analysis of Symantec 5400 firewall appliance

Hello, we have 4 Symantec 5400's, one pair inbound, one pair outbound, and in total we generate about 1.5 gig of logs per day.

Occasionally we need to plow thru said logs to see if we're being attacked, or to see if someone in the company accessed a site they shouldn't have.

What tools do you (or would you) use to:

a. get the logs off of the appliances, onto a server, so they can be worked with - other than the command line tools (remotelogfile8.exe)

b. merge multiple logs into one and clean up the formatting

c. conduct analysis of logs to, say, pull all the web activity for one of our PCs, or pull all log entries for inbound SMTP? Currently we use grep.

Graphs of usage and thruput are of little value, compared to the detailed analysis.

Thank you!

roger61611