ASA log viewer

Jonathan Lassoff jof at thejof.com
Sun Nov 20 01:30:49 UTC 2011


On Sat, Nov 19, 2011 at 4:51 PM, Duane Toler <detoler at gmail.com> wrote:

> Hey NANOG!
>
> My employer is deploying Cisco ASA firewalls to our clients
> (specifically the 5505, 5510 for our smaller clients).  We are having
> problems finding a decent log viewer.  Several products seem to mean
> well, but they all fall short for various reasons.  We primarily use
> Check Point firewalls, and for those of you with that experience, you
> know the SmartView Tracker is quite powerful.  Is there anything
> close to the flexibility and filtering capabilities of Check Point's
> SmartView Tracker?
>
> For now, I've been dumping the logs via syslog with TLS using
> syslog-ng to our server, but that is mediocre at best with varying
> degrees of reliability.  The syslog-ng server then sends that to a
> perl script to put that into a database.  That allows us to run our
> monthly reports, but that doesn't help us with live or historical log
> parsing and filtering (see above, re: SmartView Tracker).
>

It sounds like you've already got a pretty good aggregation setup going,
here. I've had great luck with UDP Syslog from devices to a site-local log
aggregator that then ships off log streams to a central place over TCP (for
the WAN paths) and/or TLS/SSL.

It sounds like you may have something similar going here, though I'd be
curious to know where you've had this fall down reliability-wise.

> If a customer called to help us troubleshoot connection issues over
> the past few days, there's no way to review the logs and figure out
> what happened back then.  Every CCIE we've talked to, and Cisco
> themselves, seem to not care about firewall traffic logs or the
> ability to parse and review them.  We know about Cisco Security
> Center, but that seems incapable of handling logs, etc.  CS-MARS
> would've been great, but that's overpriced and now discontinued
> anyway.  We'd hate to spend the time writing our own app if there's a
> viable product already available (we're willing to pay a reasonable
> price for one, too).
>

I don't know of any great commercial products, as I've only built homegrown
tools for various organizations. I'm curious though, what kinds of features
are you looking for? Searching log data? Alerting on events based on log
data?

Cheers,
jof
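Since the thread is about parsing and filtering ASA syslog (the perl-to-database step, and reviewing what happened a few days back), here is an added example that is not from either poster: a small Python parser for the "%ASA-<severity>-<message id>: <text>" body layout that pulls out the interface:ip/port endpoints so records can be filtered by severity, message id or address before they go into a database or a viewer. The sample lines and hostname are constructed, and the RFC 3164-style prefix is assumed to be what syslog-ng hands over.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines (assumed RFC 3164-style prefix from syslog-ng,
# followed by the ASA body in its "%ASA-<severity>-<message id>: <text>" layout).
SAMPLE_LINES = [
    "Nov 19 16:51:02 fw1 %ASA-6-302013: Built outbound TCP connection 1001 for "
    "outside:203.0.113.5/443 (203.0.113.5/443) to inside:192.0.2.10/51234 (198.51.100.1/51234)",
    "Nov 19 16:51:07 fw1 %ASA-6-302014: Teardown TCP connection 1001 for "
    "outside:203.0.113.5/443 to inside:192.0.2.10/51234 duration 0:00:05 bytes 4321 TCP FINs",
    "Nov 19 16:52:40 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.9/55555 "
    "dst inside:192.0.2.20/22 by access-group \"outside_in\" [0x0, 0x0]",
    "Nov 19 16:53:00 fw1 %ASA-5-111008: User 'admin' executed the 'show logging' command.",
    "Nov 19 16:53:01 fw1 not an ASA message at all",
]

HEADER_RE = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$")
# interface:ip/port endpoints; the translated addresses in parentheses carry no
# interface prefix and are deliberately left unmatched.
ENDPOINT_RE = re.compile(r"(?P<iface>[\w-]+):(?P<ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<port>\d{1,5})")

@dataclass
class AsaEvent:
    severity: int                           # 0 = emergencies ... 7 = debugging
    msgid: str                              # six-digit ASA message id, e.g. 302013
    text: str
    endpoints: List[Tuple[str, str, int]]   # (interface, ip, port) in order seen

def parse_line(line: str) -> Optional[AsaEvent]:
    """Return an AsaEvent for an ASA syslog line, or None for non-ASA lines."""
    m = HEADER_RE.search(line)
    if m is None:
        return None
    text = m.group("text")
    endpoints = [(e.group("iface"), e.group("ip"), int(e.group("port")))
                 for e in ENDPOINT_RE.finditer(text)]
    return AsaEvent(int(m.group("sev")), m.group("msgid"), text, endpoints)

def parse_lines(lines) -> List[AsaEvent]:
    return [ev for ev in map(parse_line, lines) if ev is not None]

def filter_events(events, max_severity=None, msgids=None, ip=None) -> List[AsaEvent]:
    """Keep events whose severity number is <= max_severity (at least that severe), whose msgid is in msgids, and/or that involve ip."""
    def keep(ev: AsaEvent) -> bool:
        return ((max_severity is None or ev.severity <= max_severity)
                and (msgids is None or ev.msgid in msgids)
                and (ip is None or any(ep[1] == ip for ep in ev.endpoints)))
    return [ev for ev in events if keep(ev)]
```

Feeding syslog-ng's output through parse_lines and storing the endpoint tuples as their own columns is what makes the "what happened to this host three days ago" query cheap later.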
