February 14th, 2005, 05:51 PM
Firewall log analysis
I'm looking for some recommendations for a good firewall log analysis application. I've played with eIQ's Firewall Analyzer and StonyLake's Firewall Reporter. I was wondering if anyone can suggest some other apps that I should take a look at. I would like to be able to see authorized and blocked activity based on total count and source/destination IP address. Along with that I also would like the ability to view/track bandwidth utilization per source/destination IP. I can and have been using MRTG to track the bandwidth utilization currently, but we would like something more robust, with the capability to see *where* the bandwidth is actually going. I did like the StonyLake solution and am leaning that way currently, but thought I would toss this out there and see if anyone can recommend another solution for me to check out. I currently only have one firewall to report on and that is shared amongst our clients, but that may change if any of our clients decide that they want their own. We are a small company so budget is a concern and I'm not a developer so O.S. solutions are a bit tough for me to work with...even though I managed to get MRTG working and running on a win2k box. I'm not opposed to O.S. solutions, but they are harder to work with given I have no desire to become a developer.
StonyLake Solutions 'Firewall Reporter' - http://www.stonylakesolutions.com/sls/index.jsp
eIQ Networks 'Firewall Analyzer' - http://www.eiqnetworks.com/products/...analyzer.shtml
just making some minor adjustments to your system....