And if I were going to run it, I would run it on Unix. PI brought a
PII400 256MB Compaq 1600 to its knees. It can't be used for anything
else, and unless you parse the data extremely frequently, NT chokes on the
logs. PI failed overnight after I got it set up, and I got in the next
day, restarted it and started the "log crunching" process... it ran all
day and I think it got to about 25%.
When it comes to crunching and parsing logfiles, NT cannot touch a good
*nix box. I ran NT on a PII 266 w/ 96MB against a linux box on a Pentium
166MMX w/ 32MB on about 50 MB of raw firewall logs using cat and grep on
both. The NT box usually could not finish all the files before the grep
app crashed (after about 10 - 15 minutes of thrashing). The linux box did
all 50 MB in about 5 seconds. I have also seen the same thing pitting
analog vs. WebTrends. I run the Georgia TUCOWS mirror and the web logs
can grow to several hundred MB. NT running WebTrends ran all night on
those logs and choked at around 60%. Analog generated the report (on
something like 450MB worth of access_log) in about 4 minutes. The NT box
was a PPro 200 w/ 128MB and the linux box was a dual P133 w/ 96MB.
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
On Mon, 14 Jun 1999 [EMAIL PROTECTED] wrote:
>
> Misha,
>
> Actually, Private I runs on Unix also.
>
> Bruce Middleton
>
> Misha <[EMAIL PROTECTED]> on 06/12/99 12:44:08 AM
>
> To: Bruce Middleton/HNS@HNS
> cc: [EMAIL PROTECTED]
> Subject: Re: Cisco PIX log parsing code
>
> I was actually looking for something more flexible than the Private I. Not
> only does it run on NT (our log host is Unix based obviously), but last
> time I saw it the user interface was quite nasty. Any other tools you are
> aware of?
>
> Thanx
>
> Misha
>
> On Fri, 11 Jun 1999 [EMAIL PROTECTED] wrote:
> >
> > Misha,
> >
> > You might consider using the product "Private I", which does all the parsing,
> > etc. for you on a PIX firewall.
> >
> > Bruce Middleton
> > Senior Security Specialist
> > Hughes Network Systems
> >
> > Misha <[EMAIL PROTECTED]> on 06/10/99 12:06:05 AM
> >
> > To: [EMAIL PROTECTED]
> > cc: (bcc: Bruce Middleton/HNS)
> > Subject: Cisco PIX log parsing code
> >
> > Does anyone happen to have any code to parse the PIX logs? I would be
> > looking for things like icmp and syn scans, common dos attacks, traffic
> > denied to odd ports and more specific things as they come up. I would be
> > glad to post whatever additions and improvements we make in the future.
> >
> > Misha
> > Insync Internet Services
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
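The kind of PIX log parser Misha asks for at the start of this thread, as an added example that is not code from anyone on the list: a small Python script that reads PIX syslog denial messages and flags SYN scans (one source hitting several destination ports), ICMP sweeps (one source probing several hosts) and denials to ports outside a short "common" set. The regexes assume the usual layout of the 106001/106014/106023 denial messages, and the sample lines are constructed, not real traffic.

```python
import re
from collections import Counter, defaultdict

# Formats assumed from the common PIX 106001/106014/106023 denial messages.
TCP_DENY = re.compile(r"%PIX-\d-106001: Inbound TCP connection denied from (\S+)/(\d+) to (\S+)/(\d+) flags (\S+)")
ICMP_DENY = re.compile(r"%PIX-\d-106014: Deny inbound icmp src \w+:(\S+) dst \w+:(\S+) \(type (\d+), code (\d+)\)")
ACL_DENY = re.compile(r"%PIX-\d-106023: Deny (tcp|udp) src \w+:(\S+)/(\d+) dst \w+:(\S+)/(\d+)")
COMMON_PORTS = {21, 22, 23, 25, 53, 80, 110, 443}  # anything else is an "odd" port

def parse_line(line):
    """Return a dict (proto, src, dst, dport, flags) for a denial we track, else None."""
    if m := TCP_DENY.search(line):
        return {"proto": "tcp", "src": m[1], "dst": m[3], "dport": int(m[4]), "flags": m[5]}
    if m := ICMP_DENY.search(line):
        return {"proto": "icmp", "src": m[1], "dst": m[2], "dport": None, "flags": "type" + m[3]}
    if m := ACL_DENY.search(line):
        return {"proto": m[1], "src": m[2], "dst": m[4], "dport": int(m[5]), "flags": ""}
    return None

def analyze(lines, threshold=3):
    """Flag SYN scanners / ICMP sweepers (one src hitting >= threshold ports / hosts) and odd-port denials."""
    syn_ports, icmp_dsts, odd_ports = defaultdict(set), defaultdict(set), Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # connection build/teardown and other non-denial messages
        if ev["proto"] == "tcp" and "SYN" in ev["flags"]:
            syn_ports[ev["src"]].add(ev["dport"])
        elif ev["proto"] == "icmp":
            icmp_dsts[ev["src"]].add(ev["dst"])
        if ev["dport"] is not None and ev["dport"] not in COMMON_PORTS:
            odd_ports[(ev["src"], ev["dport"])] += 1
    return {
        "syn_scanners": sorted(s for s, p in syn_ports.items() if len(p) >= threshold),
        "icmp_sweepers": sorted(s for s, d in icmp_dsts.items() if len(d) >= threshold),
        "odd_port_denials": odd_ports,
    }
# Constructed sample lines (not real traffic); syslog timestamp/host prefix omitted.
SAMPLE = [
    "%PIX-2-106001: Inbound TCP connection denied from 10.9.8.7/40000 to 192.0.2.10/21 flags SYN on interface outside",
    "%PIX-2-106001: Inbound TCP connection denied from 10.9.8.7/40001 to 192.0.2.10/22 flags SYN on interface outside",
    "%PIX-2-106001: Inbound TCP connection denied from 10.9.8.7/40002 to 192.0.2.10/23 flags SYN on interface outside",
    "%PIX-2-106001: Inbound TCP connection denied from 10.9.8.8/40003 to 192.0.2.10/31337 flags SYN on interface outside",
    '%PIX-4-106023: Deny udp src outside:10.9.8.8/5555 dst inside:192.0.2.10/31337 by access-group "acl_out"',
    "%PIX-3-106014: Deny inbound icmp src outside:10.9.8.9 dst inside:192.0.2.11 (type 8, code 0)",
    "%PIX-3-106014: Deny inbound icmp src outside:10.9.8.9 dst inside:192.0.2.12 (type 8, code 0)",
    "%PIX-3-106014: Deny inbound icmp src outside:10.9.8.9 dst inside:192.0.2.13 (type 8, code 0)",
    "%PIX-6-302001: Built inbound TCP connection 12 for faddr 10.9.8.1/3333 gaddr 192.0.2.10/80 laddr 10.0.0.10/80",
]
```

Running `analyze(SAMPLE)` reports 10.9.8.7 as a SYN scanner, 10.9.8.9 as an ICMP sweeper, and two denials from 10.9.8.8 to port 31337; feeding it real syslog output is a matter of iterating over the file instead of the list.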