+1 here. I use Splunk for sorting out logs. Pretty cool tool, easy to install.

On Sat, Nov 19, 2011 at 7:30 PM, Mike Lyon <mike.l...@gmail.com> wrote:
> Check out Splunk (www.splunk.com)
>
> -mike
>
> Sent from my iPhone
>
> On Nov 19, 2011, at 16:51, Duane Toler <deto...@gmail.com> wrote:
>
>> Hey NANOG!
>>
>> My employer is deploying Cisco ASA firewalls to our clients
>> (specifically the 5505, 5510 for our smaller clients). We are having
>> problems finding a decent log viewer. Several products seem to mean
>> well, but they all fall short for various reasons. We primarily use
>> Check Point firewalls, and for those of you with that experience, you
>> know the SmartView Tracker is quite powerful. Is there anything
>> close to the flexibility and filtering capabilities of Check Point's
>> SmartView Tracker?
>>
>> For now, I've been dumping the logs via syslog with TLS using
>> syslog-ng to our server, but that is mediocre at best with varying
>> degrees of reliability. The syslog-ng server then sends that to a
>> perl script to put that into a database. That allows us to run our
>> monthly reports, but that doesn't help us with live or historical log
>> parsing and filtering (see above, re: SmartView Tracker).
>>
>> If a customer called to help us troubleshoot connection issues over
>> the past few days, there's no way to review the logs and figure out
>> what happened back then. Every CCIE we've talked to, and Cisco
>> themselves, seem to not care about firewall traffic logs or the
>> ability to parse and review them. We know about Cisco Security
>> Center, but that seems incapable of handling logs, etc. CS-MARS
>> would've been great, but that's overpriced and now discontinued
>> anyway. We'd hate to spend the time writing our own app if there's a
>> viable product already available (we're willing to pay a reasonable
>> price for one, too).
>>
>> Any ideas?
>>
>> Thanks!!

--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/