
Thread: Firewall log analysis

  1. #1
    Senior Member
    Join Date
    Jul 2002
    Posts
    106

    Firewall log analysis

    Hey all,

    I'm looking for some recomendations for a good firewall log analysis application. I've played with eIQ's Firewall Analyzer and StonyLakes Firewall Reporter. I was wondering if anyone can suggest some other apps that I should take a look at. I would like to be able to see authorized and blocked activity based on total count and source/destination IP address. Along with that I also would like the ability to view/track bandwidth utilization per source/destination IP. I can and have been using MRTG to track the bandwidth utilization currently, but we would like something more robust, with the capability to see *where* the bandwidth is actually going. I did like the StonyLake solution and am leaning that way currently, but thought I would toss this out there and see if anyone can recommend another solution for me to check out. I currently only have one firewall to report on and that is shared amogst our clients, but that may change if any of our client decide that they want their own. We are a small company so budget is a concern and I'm not a developer so O.S. solutions are a bit tough for me to work with...even though I managed to get MRTG working and running on a win2k box. I'm not opposed to O.S. solutions, but they are harder to work with given I have no desire to become a developer.

    TIA

    StonyLake Solutions 'Firewall Reporter' - http://www.stonylakesolutions.com/sls/index.jsp
    eIQ Networks 'Firewall Analyzer' - http://www.eiqnetworks.com/products/...analyzer.shtml
    just making some minor adjustments to your system....

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Not sure if they support your Firewall, as you didn't tell us what it was, but you might want to have a look at Webtrends Firewall Suite.

    Cheers:
    DjM

  3. #3
    Senior Member
    Join Date
    Jul 2002
    Posts
    106
    oops..my bad DjM. I'm using a Cisco PIX.

    I looked at the NetIQ Firewall suite, which correct me if I'm wrong, should be the same as the Webtrends package? Oddly enough, when looking at their list of supported firewalls, Cisco was not one of them?

    Thanks
    just making some minor adjustments to your system....

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Cisco was on there...

    Cisco Systems
    Pix Secure Firewall v4.x, 5.x, 6.x: SRC, FWS
    IOS Firewall Feature Set v11.3, 12.1: SRC, FWS
    It was filed under "C".

    http://www.netiq.com/products/fwr/compatible.asp

    Unless, that is, you're talking about a different product.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by ol jeb
    which correct me if I'm wrong, should be the same as the Webtrends package?
    Not sure how they (NetIQ) are bundling their products now. I have been using the Firewall Suite for about 4 years now, when we bought it, that's all we wanted and all we bought.

    Cheers:
    DjM

  6. #6
    Senior Member
    Join Date
    Jul 2002
    Posts
    106
    phishphreek...you are correct. i gotz myself all confooooozed with their 'WELF certification'.

    DjM...it looks like NetIQ is no longer offering the Webtrends Firewall Suite under the Webtrends name. Instead offering it under their NetIQ umbrella. It did not look like it from their online demo that you could determine that 'x' source IP addy was connected to 'x' destination IP addy and using 'x' amount of bandwidth, is that possible with the version you are using? I saw that it gave totals, but it did not appear to be able to break that down to a more granular level such as the StonyLake solution.
    just making some minor adjustments to your system....

  7. #7
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by ol jeb
    phishphreek...DjM...it looks like NetIQ is no longer offering the Webtrends Firewall Suite under the Webtrends name. Instead offering it under their NetIQ umbrella. It did not look like it from their online demo that you could determine that 'x' source IP addy was connected to 'x' destination IP addy and using 'x' amount of bandwidth, is that possible with the version you are using? I saw that it gave totals, but it did not appear to be able to break that down to a more granular level such as the StonyLake solution.
    I haven't played around with the bandwidth reports very much (not a priority here), the reports I use the most are the ones related with who is going where and how long are they there. The reports I use/created serve our requirements very well.

    Sorry, this may not be the solution for you, do they still provide for a 30 day demo version?

    Cheers:
    DjM

  8. #8
    Senior Member
    Join Date
    Jul 2002
    Posts
    106
    Djm: do they still provide for a 30 day demo version?
    Yes, they still offer a downloadable demo and I am going to set it up to give it a whirl just to kick the tires and take it for a test drive.

    Thanks
    just making some minor adjustments to your system....

  9. #9
    I've been using wallwatcher @ http://www.sonic.net/wallwatcher/. It may not be robust enough for your requirements but it's free and so probably worth checking out.
