I hope this is not too far off firewall topic I apologise if it is.
I have been asked to implement a syslog server based on NT (W2K) . I need to collect the logs from a PIX firewall and a Nokia VPN device.
I have tried a few log server servers namely Kiwi, winsyslog and some others. I am able to collect the logs no problem and am happy to review the logs and act accordingly.
What my employer wants are summery reports for these devices, while there are tools which will report on the logs of a PIX firewall they cannot make head nor tail of the Nokia device (understandable).
So I guess what I am asking is, what do you guys use to help analyse your Firewall logs, I expect you guys can point me in the direction of web sites and further reading.
Any assistance is welcomed.
My reply:
Check with Network Intelligence Corporation (formerly OpenSystems.com). Its web site is still http://www.opensystems.com/. OpenSystems Private I (eye) product could collect and report all events/audit records from both Cisco and Check Point products. If the Nokia VPN, like its firewall product, is utilizing the Check Point VPN product, then Private I might be what you want.
You might also want to look at their hardware solution "Network Intelligence Engine" or their software solution "enVision". Although I have not looked at these newer products yet, I suspect that these products met or are heading in the direction you require.
Regards;
Marc Mandel
