Looking for a good Syslog Parser/analyzer

millworx Member Posts: 290
So I'm trying to find a good syslog parser/analyzer.
What I'm trying to do is log messages from an ASA, and I want to generate reports based on the messages over a time period, like how many times a remote user logged in, what ACLs are applied, etc. Our current ASA is logging about 150k messages a day right now, but I need to parse only a few specific messages. I'm not really looking into programming my own app either. Something off the shelf would be nice.

Kiwi is too basic and doesn't provide the functionality I need. RSA enVision is way, way too pricey for our project. MARS is EOL.

Any suggestions?
Currently Reading:
CCIE: Network Security Principals and Practices
CCIE: Routing and Switching Exam Certification Guide

Comments

    docrice Member Posts: 1,706
    Maybe Splunk? Or if you prefer command line, logwatch?
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
    DevilWAH Member Posts: 2,997
    Kiwi, and log to a database such as SQL;

    then you have all the messages in a database and can handle it how you want.

    That's how I used to do it:

    Kiwi to raise alerts and the SQL database as a long-term reporting tool.

    Low cost, and I was dealing with 500K+ messages a day quite happily.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties, it means that it's going to launch you into something great. So just focus and keep aiming.
    NightShade03 Member Posts: 1,383
    I'd also say Logwatch or rsyslog should work well for you (rsyslog can do some good filtering for you). I would definitely stay away from Splunk because it will cost you a pretty penny.
    docrice Member Posts: 1,706
    If you log a great amount, Splunk can be expensive. On the other hand, if you only need to log a small amount via Splunk (up to 500 MB / day), then there's the free version.

    If you know exactly what text strings you're looking for, a grep script might work in a pinch.
    millworx Member Posts: 290
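    As an added illustration of the "grep script" approach above (this is example code, not something posted in the thread or shipped by any of the products named): the script below parses ASA-style syslog lines, drops everything that is not an ASA message, and produces the kind of report the original question asks for, logins per remote user over a period and which access-groups are generating denies. The sample log lines are constructed, and the message IDs used (113039 for an AnyConnect session start, 106023 for an ACL deny) are assumptions modelled on the ASA `%ASA-<severity>-<id>:` format; confirm the IDs against your own ASA's output before filtering on them.

```python
import re
from collections import Counter, defaultdict

# Constructed sample ASA syslog lines (not from the thread). The message IDs
# and wording are assumptions modelled on the "%ASA-<sev>-<id>: text" style;
# verify them against your own ASA before relying on a specific ID.
SAMPLE_LOG = """\
<166>Mar 10 08:01:12 fw01 %ASA-6-113039: Group <RA-VPN> User <alice> IP <203.0.113.10> AnyConnect parent session started.
Mar 10 08:05:40 fw01 %ASA-6-113039: Group <RA-VPN> User <bob> IP <203.0.113.22> AnyConnect parent session started.
Mar 10 09:15:02 fw01 %ASA-4-106023: Deny tcp src outside:198.51.100.5/4432 dst inside:10.0.0.5/22 by access-group "OUTSIDE_IN"
Mar 11 07:59:59 fw01 %ASA-6-113039: Group <RA-VPN> User <alice> IP <203.0.113.11> AnyConnect parent session started.
Mar 11 10:00:00 fw01 %ASA-4-106023: Deny udp src outside:198.51.100.7/5353 dst inside:10.0.0.9/53 by access-group "OUTSIDE_IN"
Mar 11 10:00:01 fw01 %ASA-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.9/55000 (198.51.100.9/55000) to inside:10.0.0.5/443 (10.0.0.5/443)
this line is not an ASA message and is skipped
"""

# Optional "<PRI>" prefix, BSD-style timestamp, hostname, then the ASA tag.
LINE_RE = re.compile(
    r"^(?:<\d{1,3}>)?"
    r"(?P<day>[A-Z][a-z]{2}\s+\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) %ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<msg>.*)$"
)
USER_RE = re.compile(r"User <([^>]+)>")
ACL_RE = re.compile(r'by access-group "([^"]+)"')


def parse_line(line):
    """Return a dict of fields for one ASA syslog line, or None if it doesn't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["day"] = re.sub(r"\s+", " ", rec["day"])  # normalise "Mar  1" -> "Mar 1"
    return rec


def parse_log(text):
    """Parse every line, silently dropping lines that aren't ASA messages."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def count_by_id(records):
    """How many times each message ID occurred: a first cut at 'what is noisy'."""
    return Counter(r["id"] for r in records)


def vpn_logins(records, msg_id="113039"):
    """Logins per user for the chosen message ID, plus logins per user per day."""
    per_user = Counter()
    per_day = defaultdict(Counter)
    for r in records:
        if r["id"] != msg_id:
            continue
        m = USER_RE.search(r["msg"])
        if not m:
            continue  # matched the ID but carried no "User <...>" field
        per_user[m.group(1)] += 1
        per_day[r["day"]][m.group(1)] += 1
    return per_user, {d: dict(c) for d, c in per_day.items()}


def acl_denies(records, msg_id="106023"):
    """Which access-groups are producing denies, and how often."""
    hits = Counter()
    for r in records:
        if r["id"] == msg_id:
            m = ACL_RE.search(r["msg"])
            if m:
                hits[m.group(1)] += 1
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("messages by ID:", dict(count_by_id(recs)))
    users, by_day = vpn_logins(recs)
    print("VPN logins by user:", dict(users))
    print("VPN logins by day:", by_day)
    print("ACL denies by access-group:", dict(acl_denies(recs)))
```

    Point it at a real file by replacing `SAMPLE_LOG` with the file's contents; at 150k lines a day this runs in seconds and needs no database, but if you want the "over a time period" reports to span weeks, writing the parsed records into a table as DevilWAH suggests is the cleaner path.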
    Thanks for all the replies.

    I was using Splunk, but it didn't provide the very granular data that I really needed without customizing it.

    I ended up downloading ManageEngine's Firewall Analyzer 7, and so far I am pretty impressed with how granular it is. It shows me detailed VPN usage reports by user, host IP assigned, etc.

    So I think that might be the way I'm going to go.