What are the best open source cisco pix log analyzers?


What are the best open source cisco pix log analyzers?

by pine-2

Hello, everyone.

I am looking for the best open source log analyzers or parsers for Cisco PIX.

Please recommend.

I found these:
http://fwlogwatch.inside-security.de/
http://www.wallfire.org/wflogs/
I don't think they are the best of those available.

Thanks a lot

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------


RE: What are the best open source cisco pix log analyzers?

by Robertson, Seth (JSC-IM)

Good luck, I'm afraid there basically aren't any.  There is the Honeynet
Security Console and a Perl script called FISQ which is used to import
log data into the HSC database, but I didn't have much luck with it.
For example, the name of the table my firewall data was stored in was
longer than 16 characters, which violated an undocumented requirement
for HSC to be able to read data from it.  A cheap alternative is FireGen,
which runs about $200.  It produces pretty good reports, but isn't
customizable.

BTW, there's a firewalls@... mailing list which you would
probably have better success with.


Seth Robertson




RE: What are the best open source cisco pix log analyzers?

by jbeauford


http://www.loganalysis.org/sections/parsing/application-specific/

Good place to pick one.

Also, Kiwisys has a freeware Logviewer.

JMB



RE: What are the best open source cisco pix log analyzers?

by jbeauford


More:
http://www.syslog.org/index.php?name=Web_Links&req=viewlink&cid=4&min=20&orderby=titleA&show=10

jmb



RE: What are the best open source cisco pix log analyzers?

by Jeff Dell

This isn't really an undocumented requirement, it is a value that is set in
the database schema. It can be changed easily enough by changing the length
of the column from 16 to 32, 64, 128 or whatever you like.

Cheers,
Jeff



Re: What are the best open source cisco pix log analyzers?

by Jason Baeder

Snortalog will read Cisco PIX logs:
http://jeremy.chartier.free.fr/snortalog/
It also has the advantage of being very useful for Snort logs ;-)

For just firewall logs, look at fwanalog:
http://tud.at/programm/fwanalog/

Regards,
Jason Baeder
CISSP GCIA GCIH




RE: What are the best open source cisco pix log analyzers?

by Robertson, Seth (JSC-IM)

One strong point about HSC is that Jeff was more than happy to help
troubleshoot the issues I had! ;-)

To bring this to something resembling IDS, the HSC also supports snort
sensors among other network devices.

Seth Robertson




Re: What are the best open source cisco pix log analyzers?

by Mike Sweeney


On Jun 13, 2006, at 1:24 PM, Jeff Dell wrote:

>> Good luck, I'm afraid there basically aren't any.  There is the Honeynet
>> Security Console and a Perl script called FISQ which is used to import
>> log data into the HSC database, but I didn't have much luck with it.
>> For example, the name of the table my firewall data was stored in was
>> longer than 16 characters, which violated an undocumented requirement
>> for HSC to be able to read data from it.  A cheap alternative is FireGen,
>> which runs about $200.  It produces pretty good reports, but isn't
>> customizable.

That's a funny comment given that a very large search engine company
does their own log file analysis using an in-house tweaked open source
application. And no, I'm not going to say who or what since it is not
clear to me what exactly the NDA during the interview covered. So I
have to disagree with the comment "there aren't any".  There are some good
ones IF you will put in the time and effort to dial it into your needs.

Firegen is so-so. I used it for about a year on PIX firewalls and
while it worked most of the time, it was picky about how the server
was set up. It does not like terminal servers much, which caused some
pain.

mikesweeney@...
www.packetattack.com
Home of "Network Security using Linux"







RE: What are the best open source cisco pix log analyzers?

by Robertson, Seth (JSC-IM)

For the record I'll disagree with my own comment "there aren't any",
which was hasty. From what I know there is a much broader set of viable
options in the Linux/UNIX world than for the Windows platform... the last
time I reviewed open source firewall log analysis products the customer
insisted on a Windows server so that limited my options considerably,
and that biased my response.  That requirement is totally inappropriate
in pine's case because the two products he mentioned are Linux/UNIX.

The two links that people sent to syslog.org and loganalysis.org are the
best lists that I've come across. Again, I'm going to bite my tongue for
saying this (because it's obvious), but if you HAVE to use a Windows
machine your free/open source options are greatly limited. CiscoWorks is
great if you have the money (and it WILL cost you). I can't say you'll
need an inordinate amount more time molding an open source product to do
what you want than you would using CiscoWorks, but it will take more
time and there's obviously a different skillset required.  It will take
much less money though!

Mike didn't say it in respect of an NDA but I'll say from public
knowledge and from talking with friends there: Yahoo! uses a good deal
of open source (e.g., they're public about FreeBSD, MySQL AB) and more
power to them!  Open source was my bread and butter for some years and
I've done a tiny part here and there to contribute to it too.  What I
should have said was that in my opinion there is no "Snort" of firewall
log analysis which basically dominates commercial alternatives.


Seth Robertson




Re: What are the best open source cisco pix log analyzers?

by kphilipsen


You can check out PIX Logging Architecture; it's free and open source and
does basically real-time PIX log correlation by parsing the PIX syslog
messages and pushing them into a MySQL database which can be consulted
with a web-based front-end.

PIX Logging Architecture 1.x can be found and downloaded at
http://www.logging-architecture.net, and the upcoming release, version 2.x,
is in beta at http://www.logging-architecture.net/pla2/

Cheers.



--
View this message in context: http://www.nabble.com/What-are-the-best-open-source-cisco-pix-log-analyzers--tf1781816.html#a5879312
Sent from the IDS (Intrusion Detection System) forum at Nabble.com.
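The thread keeps coming back to the same pipeline: parse PIX syslog messages, push them into a database, and query them from a front-end (PIX Logging Architecture and the FISQ-into-HSC import both work this way). The following is an added example written for this page; it is not code from PLA, HSC, FISQ or any poster. It parses the `%PIX-<severity>-<msgid>:` tag that every PIX syslog message carries, extracts the source/destination fields from the 106023 "denied by access-group" message, stores the events in an in-memory SQLite table standing in for MySQL, and answers the first question an analyst asks of such a table: which sources are being denied most. The log lines are constructed samples using RFC 5737 documentation addresses and a hypothetical host name; the table layout is the example's own, not PLA's or HSC's schema.

```python
import re
import sqlite3
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every PIX syslog message carries the tag %PIX-<severity 0-7>-<6-digit id>: <text>.
# The syslog transport usually prepends a timestamp and hostname, so the tag is
# searched for rather than anchored at the start of the line.
PIX_RE = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}):\s*(?P<text>.*)$")

# 106023 is the "packet denied by access-group" message; this pattern covers the
# "Deny <proto> src <if>:<ip>/<port> dst <if>:<ip>/<port>" part of its text.
DENY_RE = re.compile(
    r"Deny (?P<proto>\w+) src (?P<sif>[\w-]+):(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[\w-]+):(?P<dip>[\d.]+)/(?P<dport>\d+)"
)

# Constructed sample lines (hypothetical host "pix-fw", documentation addresses).
# Line 5 is a non-PIX message from the syslog host, which a parser must tolerate.
SAMPLE_LOG: List[str] = [
    'Jun 13 12:53:01 pix-fw %PIX-6-302013: Built outbound TCP connection 80912 for '
    'outside:203.0.113.5/80 (203.0.113.5/80) to inside:192.0.2.10/51234 (198.51.100.1/51234)',
    'Jun 13 12:53:02 pix-fw %PIX-4-106023: Deny tcp src outside:203.0.113.7/4444 '
    'dst inside:192.0.2.20/22 by access-group "outside_in" [0x0, 0x0]',
    'Jun 13 12:53:03 pix-fw %PIX-4-106023: Deny tcp src outside:203.0.113.7/4445 '
    'dst inside:192.0.2.20/23 by access-group "outside_in" [0x0, 0x0]',
    'Jun 13 12:53:04 pix-fw %PIX-4-106023: Deny udp src outside:203.0.113.9/5353 '
    'dst inside:192.0.2.20/53 by access-group "outside_in" [0x0, 0x0]',
    'Jun 13 12:53:05 pix-fw CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)',
    'Jun 13 12:53:06 pix-fw %PIX-6-302014: Teardown TCP connection 80912 for '
    'outside:203.0.113.5/80 to inside:192.0.2.10/51234 duration 0:00:05 bytes 1842 TCP FINs',
]


@dataclass
class PixEvent:
    severity: int
    msgid: str
    text: str
    proto: Optional[str] = None
    src_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None


def parse_line(line: str) -> Optional[PixEvent]:
    """Return a PixEvent for a PIX syslog line, or None for any other line."""
    m = PIX_RE.search(line)
    if not m:
        return None
    ev = PixEvent(int(m.group("sev")), m.group("msgid"), m.group("text"))
    if ev.msgid == "106023":
        d = DENY_RE.search(ev.text)
        if d:  # keep the event even if the text is in an unexpected form
            ev.proto = d.group("proto")
            ev.src_ip, ev.src_port = d.group("sip"), int(d.group("sport"))
            ev.dst_ip, ev.dst_port = d.group("dip"), int(d.group("dport"))
    return ev


# Example's own table layout; the index serves the per-source deny query below.
SCHEMA = """
CREATE TABLE pix_events (
    id INTEGER PRIMARY KEY,
    severity INTEGER NOT NULL,
    msgid TEXT NOT NULL,
    proto TEXT, src_ip TEXT, src_port INTEGER, dst_ip TEXT, dst_port INTEGER,
    text TEXT NOT NULL
);
CREATE INDEX ix_pix_msgid_src ON pix_events (msgid, src_ip);
"""


def load(lines: List[str], conn: sqlite3.Connection) -> int:
    """Parse lines, insert the PIX events, return how many were stored."""
    conn.executescript(SCHEMA)
    rows = [
        (ev.severity, ev.msgid, ev.proto, ev.src_ip, ev.src_port, ev.dst_ip, ev.dst_port, ev.text)
        for ev in map(parse_line, lines) if ev is not None
    ]
    conn.executemany(
        "INSERT INTO pix_events (severity, msgid, proto, src_ip, src_port, dst_ip, dst_port, text)"
        " VALUES (?, ?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return len(rows)


def top_denied_sources(conn: sqlite3.Connection, limit: int = 5) -> List[Tuple[str, int]]:
    """Sources with the most access-group denies, busiest first (ties by address)."""
    cur = conn.execute(
        "SELECT src_ip, COUNT(*) AS n FROM pix_events WHERE msgid = '106023' "
        "GROUP BY src_ip ORDER BY n DESC, src_ip LIMIT ?", (limit,))
    return cur.fetchall()


def analyze(lines: List[str], limit: int = 5) -> Dict[str, object]:
    """Run the whole pipeline on a list of log lines with an in-memory database."""
    conn = sqlite3.connect(":memory:")
    stored = load(lines, conn)
    return {"stored": stored, "top_denied": top_denied_sources(conn, limit)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print(f"stored {result['stored']} PIX events")
    for ip, n in result["top_denied"]:
        print(f"{ip:>15}  denied {n} time(s)")
```

Only the 106023 text is decomposed here; other message IDs are stored with their raw text, which keeps the loader from silently dropping a message whose format you have not written a pattern for yet. Swapping `sqlite3` for a MySQL driver and a real table changes nothing in the parsing or the query.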

