December 31st, 2002, 01:43 AM
Symantec VPN/Firewall Appliance
Has anyone ever used the Symantec VPN/Firewall appliances? The 100, 200, or 200r?
If so, did you manage to find any log analysis app which would actually deal with their log format and messages? I currently have one set up to log to a syslog server, and another one which is emailing me the logs, but I can't seem to get the info into any product which we can use with our other firewalls, like the NetIQ Firewall analyser, or any of the others. It is seriously a pain to have to review this data separately.
December 31st, 2002, 06:32 PM
If it outputs to syslog format, just about any log analysis/correlation utility should be able to read the logs.
December 31st, 2002, 11:07 PM
I can read the syslog with any number of utilities, doing as much correlation/analysis as possible that way. My issue is, if I do it that way, I need to develop my own filters etc. to correlate it all together and to get the required outcome from all the processing which goes on. I can do that if needed, no problem except time. However, we have software which does all of that for us with Check Point and Raptor firewall logs, including about 25 other types it could do. It makes accounting/usage and error and security reports automagically.
I was just hoping that someone somewhere had found a neat way to deal with these logs.