http://www.retina.ent/~jna/pixie
(Very Beta, but I wanted to get it out to the firewalls list ASAP)
Abstract:
PIXie is an Open Source log analysis tool (in perl) for Cisco PIX
firewalls and routers. It offers interactive, web-based drill-down viewing
of denied packet reports, as well as rudimentary port scan detection and
multiple-device analysis.
At the time of this writing, PIXie only handles IP packets that have been
denied and that have produced log entries. The rest, is up to you.
PIXie does post-mortem analysis of syslogs, and allows you to dig through
denied port logs / PIX logs looking for correlations and information to
assess network security and build a case.
I've just finished this, and we're using it in house with some success. It
beats typing "whois" and doing lots of dns lookups, and because it works
with the data from your routers, it's far more powerful than web-based
lookup tools like SamSpade.
Comments and suggestions would be appreciated.
-john
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
