Check out Splunk (www.splunk.com) -mike
Sent from my iPhone

On Nov 19, 2011, at 16:51, Duane Toler <[email protected]> wrote:

> Hey NANOG!
>
> My employer is deploying Cisco ASA firewalls to our clients
> (specifically the 5505, 5510 for our smaller clients). We are having
> problems finding a decent log viewer. Several products seem to mean
> well, but they all fall short for various reasons. We primarily use
> Check Point firewalls, and for those of you with that experience, you
> know the SmartView Tracker is quite powerful. Is there anything
> close to the flexibility and filtering capabilities of Check Point's
> SmartView Tracker?
>
> For now, I've been dumping the logs via syslog with TLS using
> syslog-ng to our server, but that is mediocre at best with varying
> degrees of reliability. The syslog-ng server then sends that to a
> perl script to put that into a database. That allows us to run our
> monthly reports, but that doesn't help us with live or historical log
> parsing and filtering (see above, re: SmartView Tracker).
>
> If a customer called to help us troubleshoot connection issues over
> the past few days, there's no way to review the logs and figure out
> what happened back then. Every CCIE we've talked to, and Cisco
> themselves, seem to not care about firewall traffic logs or the
> ability to parse and review them. We know about Cisco Security
> Center, but that seems incapable of handling logs, etc. CS-MARS
> would've been great, but that's overpriced and now discontinued
> anyway. We'd hate to spend the time writing our own app if there's a
> viable product already available (we're willing to pay a reasonable
> price for one, too).
>
> Any ideas?
>
> Thanks!!
>

