On 18 Dec 2001 at 16:29, Brian Ford wrote:

> I use Kiwi Syslog also. It's wonderful. Andrew Ross, the developer, is a
> great person and has a great product.
>
> An important PIX syslog feature that you didn't mention (and the reason we
> put out a syslogd in the first place) is TCP Syslog. On the PIX you do
> have the option of sending Syslog over TCP or UDP. This makes it much
> more reliable.
>
> And Kiwi supports PIX TCP Syslog too!

I personally will never touch TCP syslog with the PIX - I once had my syslog server run out of disk space and the PIX shut down. Check the release notes for the PIX - they specifically say that a problem with the syslog server over TCP will cause the PIX to stop processing connections.

> P.S. Have you checked out RnR ReportGen? It's also a great log report
> tool and works very well

I don't like it - just gives either a brief overview or a list of everything. I prefer to have my data such that it's summarised with drilldowns so I can highlight what looks like a portscan or hack attempt or other anomaly and then see all the individual log lines associated with it such that I can investigate it.

This PIX logging thread has made me dig up my old source code from my app to parse PIX syslogs and produce reports that can be regenerated showing the data from different perspectives much more quickly than a full parse could, as the first pass writes all important information to a database for easier processing later. If I ever get this program into a state where it's usable I'll put it somewhere for anyone to download, and if users ask for new features that would be useful I'll look into adding them.

I originally wrote it to track down a user on my own network who had been using up all the available company bandwidth with Napster, so just looking at denied log entries wasn't good enough - I needed to see every internal IP and port combination with summaries by port and IP to track him down, and once I'd got the data together and passed it over to management it wasn't long before he was gone.

I tried WebTrends Firewall Suite too but I found its reports were also a bit lacking. Maybe I just don't use the report tools properly, but I couldn't work out how to get at the data I needed.

If anyone has ideas for reports that could be included in my app I'd be interested to hear them.

Just one warning - I'm a VB programmer so this will be a Win9x/NT/2K/XP app that will not be as fast as some tools out there.

Dan
---
D.C. Crichton                 email: [EMAIL PROTECTED]
Senior Systems Analyst        tel: +44 (0)121 706 6000
Computer Manuals Ltd.         fax: +44 (0)121 606 0477

Computer book info on the web: http://computer-manuals.co.uk/
Want to earn money? Join our affiliate network! http://computer-manuals.co.uk/affiliate/
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
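
The two-pass approach described in the message above (parse the PIX syslog once into a database, then regenerate summaries by internal IP or port and drill down to the raw lines), sketched in Python with SQLite as an added example; it is not the poster's VB application. The sample lines are constructed, the `302014` teardown layout is an assumed format that differs between PIX releases, and the table and function names are hypothetical.

```python
import re
import sqlite3

# Constructed sample lines; the 302014 "Teardown TCP connection" layout is an assumed format.
SAMPLE_LOG = """\
Dec 18 16:01:02 pix %PIX-6-302014: Teardown TCP connection 101 for outside:198.51.100.7/6699 to inside:10.1.1.23/3312 duration 0:12:40 bytes 48211904 TCP FINs
Dec 18 16:03:15 pix %PIX-6-302014: Teardown TCP connection 102 for outside:203.0.113.9/80 to inside:10.1.1.40/3390 duration 0:00:04 bytes 18230 TCP FINs
Dec 18 16:05:44 pix %PIX-6-302014: Teardown TCP connection 103 for outside:198.51.100.88/6699 to inside:10.1.1.23/3313 duration 0:20:02 bytes 73400320 TCP FINs
Dec 18 16:06:10 pix %PIX-6-302014: Teardown TCP connection 104 for outside:203.0.113.9/443 to inside:10.1.1.23/3320 duration 0:00:09 bytes 5120 TCP FINs
Dec 18 16:06:11 pix %PIX-4-106023: Deny tcp src outside:192.0.2.4/4000 dst inside:10.1.1.40/23 by access-group "acl_out"
"""

TEARDOWN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ %PIX-\d-302014: Teardown TCP connection \d+ "
    r"for outside:(?P<faddr>[\d.]+)/(?P<fport>\d+) to inside:(?P<laddr>[\d.]+)/\d+ "
    r"duration [\d:]+ bytes (?P<bytes>\d+)")

def load(lines, db):
    """First pass: parse each line once, store the fields plus the raw text."""
    db.execute("CREATE TABLE IF NOT EXISTS conn (ts TEXT, laddr TEXT, faddr TEXT, "
               "fport INTEGER, bytes INTEGER, raw TEXT)")
    skipped = 0
    for line in lines:
        m = TEARDOWN.match(line)
        if not m:                      # other message types are counted, not stored
            skipped += 1
            continue
        db.execute("INSERT INTO conn VALUES (?,?,?,?,?,?)",
                   (m["ts"], m["laddr"], m["faddr"], int(m["fport"]), int(m["bytes"]), line))
    db.commit()
    return skipped

def summary(db, column):
    """Report view: bytes and connection count per internal IP ('laddr') or remote port ('fport')."""
    if column not in ("laddr", "fport"):   # allow-list, since the name is put into the SQL text
        raise ValueError(column)
    return db.execute(f"SELECT {column}, SUM(bytes), COUNT(*) FROM conn "
                      f"GROUP BY {column} ORDER BY SUM(bytes) DESC").fetchall()

def drilldown(db, laddr, fport):
    """The raw log lines behind one summary row, for investigation."""
    rows = db.execute("SELECT raw FROM conn WHERE laddr=? AND fport=? ORDER BY ts", (laddr, fport))
    return [r[0] for r in rows]

def demo():
    db = sqlite3.connect(":memory:")
    return db, load(SAMPLE_LOG.splitlines(), db)

if __name__ == "__main__":
    db, skipped = demo()
    print(summary(db, "laddr"), summary(db, "fport"), skipped, sep="\n")
    print(*drilldown(db, "10.1.1.23", 6699), sep="\n")
```

Both summaries are queries over the same table, so a new view costs one `GROUP BY` rather than another pass over the log files.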
