On Sat, Nov 19, 2011 at 5:32 PM, Duane Toler <deto...@gmail.com> wrote:
> On Sat, Nov 19, 2011 at 20:04, Jay Ashworth <j...@baylink.com> wrote:
> > ----- Original Message -----
> >> From: "Duane Toler" <deto...@gmail.com>
> >
> >> My employer is deploying Cisco ASA firewalls to our clients
> >> (specifically the 5505, 5510 for our smaller clients). We are having
> >> problems finding a decent log viewer. Several products seem to mean
> >> well, but they all fall short for various reasons. We primarily use
> >> Check Point firewalls, and for those of you with that experience, you
> >> know the SmartView Tracker is quite powerful. Is there anything
> >> close to the flexibility and filtering capabilities of Check Point's
> >> SmartView Tracker?
> >
> > Is your problem the aggregation proper, or the mining?
> >
> > Do the ASA's log to syslog?
> >
> > Cheers,
> > -- jra
> > --
>
> Yep, we log to syslog, and the issue is the mining. Not that I/we
> *can't* grep/regex/sed/awk/perl our way thru the log files. It's just
> that it's overly tedious. Especially when compared to Check Point's
> product (given that they are aiming to compete...).
>

I'd second Mike's suggestion then -- check out Splunk. They make a
commercial log viewing, searching, and reporting product that's pretty
awesome.

They license based on log volume, and the pricing scales somewhat
logarithmically. So, I would consider your log volume and budget before
sinking too much time into it.

There's a free trial installation and license that's available if you
want to try it out.

Cheers,
jof