One strong point about HSC is that Jeff was more to happy to help troubleshoot the issues I had! ;-)
To bring this to something resembling IDS, the HSC also supports snort sensors among other network devices. Seth Robertson -----Original Message----- From: Jeff Dell [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 13, 2006 3:24 PM To: Robertson, Seth (JSC-IM); [email protected] Subject: RE: What are the best open source cisco pix log analyzers? This isn't really an undocumented requirement, it is a value that is set in the database schema. It can be changed easily enough by changing the length of the column from 16 to 32, 64, 128 or whatever you like. Cheers, Jeff > -----Original Message----- > From: Robertson, Seth (JSC-IM) [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 13, 2006 2:28 PM > To: [email protected] > Subject: RE: What are the best open source cisco pix log analyzers? > > Good luck, I'm afraid there basically aren't any. There is the > Honeynet Security Console and a Perl script called FISQ which is used > to import log data into the HSC database, but I didn't have much luck > with it. > For example, the name of the table my firewall data was stored in was > longer than 16 characters, which violated an undocumented requirement > for HSC to be able read data from it. A cheap alternative is FireGen, > which runs about $200. It produces pretty good reports, but isn't > customizable. > > BTW, there's a [EMAIL PROTECTED] mailing list which you > would probably have better success with. > > > Seth Robertson > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 13, 2006 12:53 PM > To: [email protected] > Subject: What are the best open source cisco pix log analyzers? > > Hello, everyone . > > > > I am looking for the best open source log analyzers or parsers for > Cisco PIX. > > > > Please recommend. > > > > I found these > > http://fwlogwatch.inside-security.de/ > > http://www.wallfire.org/wflogs/ > > I don't think they are the best of the available > > > > Thanks a lọt > > > -------------------------------------------------------------- > ---------- > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it with real-world attacks from > CORE IMPACT. > Go to > http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > to learn more. > -------------------------------------------------------------- > ---------- > > -------------------------------------------------------------- > ---------- > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it with real-world attacks from > CORE IMPACT. > Go to > http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > to learn more. > -------------------------------------------------------------- > ---------- > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
