ASA log viewer
jof at thejof.com
Sat Nov 19 19:36:22 CST 2011
On Sat, Nov 19, 2011 at 5:32 PM, Duane Toler <detoler at gmail.com> wrote:
> On Sat, Nov 19, 2011 at 20:04, Jay Ashworth <jra at baylink.com> wrote:
> > ----- Original Message -----
> >> From: "Duane Toler" <detoler at gmail.com>
> >> My employer is deploying Cisco ASA firewalls to our clients
> >> (specifically the 5505, 5510 for our smaller clients). We are having
> >> problems finding a decent log viewer. Several products seem to mean
> >> well, but they all fall short for various reasons. We primarily use
> >> Check Point firewalls, and for those of you with that experience, you
> >> know the SmartView Tracker is quite powerful. Is there anything
> >> close to the flexibility and filtering capabilities of Check Point's
> >> SmartView Tracker?
> > Is your problem the aggregation proper, or the mining?
> > Do the ASA's log to syslog?
> > Cheers,
> > -- jra
> > --
> Yep, we log to syslog, and the issue is the mining. Not that I/we
> *can't* grep/regex/sed/awk/perl our way thru the log files. It's just
> that it's overly tedious. Especially when compared to Check Point's
> product (given that they are aiming to compete...).
I'd second Mike's suggestion then -- check out Splunk. They make a
commercial log viewing, searching, and reporting product that's pretty
awesome. They license based on log volume, and the pricing scales somewhat
logarithmically. So, I would consider your log volume and budget before
sinking too much time into it.
There's a free trial installation and license that's available if you want
to try it out.