ASA log viewer

Duane Toler detoler at gmail.com
Sun Nov 20 00:51:24 UTC 2011


Hey NANOG!

My employer is deploying Cisco ASA firewalls to our clients
(specifically the 5505, 5510 for our smaller clients).  We are having
problems finding a decent log viewer.  Several products seem to mean
well, but they all fall short for various reasons.  We primarily use
Check Point firewalls, and for those of you with that experience, you
know the SmartView Tracker is quite powerful.  Is there anything
close to the flexibility and filtering capabilities of Check Point's
SmartView Tracker?

For now, I've been dumping the logs via syslog with TLS using
syslog-ng to our server, but that is mediocre at best with varying
degrees of reliability.  The syslog-ng server then sends that to a
perl script to put that into a database.  That allows us to run our
monthly reports, but that doesn't help us with live or historical log
parsing and filtering (see above, re: SmartView Tracker).

If a customer called to help us troubleshoot connection issues over
the past few days, there's no way to review the logs and figure out
what happened back then.  Every CCIE we've talked to, and Cisco
themselves, seem to not care about firewall traffic logs or the
ability to parse and review them.  We know about Cisco Security
Center, but that seems incapable of handling logs, etc.  CS-MARS
would've been great, but that's overpriced and now discontinued
anyway.  We'd hate to spend the time writing our own app if there's a
viable product already available (we're willing to pay a reasonable
price for one, too).

Any ideas?

Thanks!!



