You can try Private-I from OpenSystems.com. They have analysis modules for PIX and IOS, CheckPoint, generic syslog collection facilities, etc. It's good for Windows-based centralization. To configure the analysis part is a bit of a pain though... it's definitely a manual process.

-----Original Message-----
From: michaelian ennis [mailto:[EMAIL PROTECTED]]
Sent: Sunday, June 02, 2002 9:29 PM
To: [EMAIL PROTECTED]
Subject: Syslog Monitoring Question

I have four PIX firewalls that I manage. I also have one FreeBSD IDS (Snort -> MySQL -> ACID). I have recently gotten to the point where I need to centralize the monitoring. I have two Network Monitoring systems. One is Win2K, which runs CiscoWorks 2k Routed WAN and SolarWinds Bandwidth Monitor, then another, Red Hat 7.1, running MRTG, Apache and various Perl scripts I use for rolling out changes to the Network.

I am considering adding a Free(or Open)BSD IDS at every firewall and was thinking of using each as a local syslog server as well, but my staff needs an easy GUI for sorting through syslog messages to debug PIX problems. I would like to maintain a syslog server/IDS at each site and have the syslog messages collected in a central location where a Windows-based tool can be used to filter through all the entries at once. I do want each site to have its own copy of the local syslog messages in case the WAN goes down, but I do not want the staff to have to connect to each individual server.

Any suggestions?