-
April 13th, 2006, 11:39 PM
#1
Junior Member
Firewall Log Analysis and Reporting
Hello, I'm looking for a utility that will take PIX, Checkpoint, and Netscreen logs and create reports that I can show to my clients on their network utilization, rule violations, etc.
I've been looking around and have seen several programs, but was wondering if anyone else currently used any of these utilities, and their experiences with them.
Thanks
-
April 14th, 2006, 12:45 AM
#2
My suggestion is to look into Sawmill Lite or Professional:
http://www.sawmill.net/lite.html
Lite is $99 and Pro is $399 (with 5 seat license)
ZT3000
Beta tester of "0"s and "1"s"
-
April 14th, 2006, 12:55 AM
#3
Junior Member
Sawmill
Thanks for the suggestion. I've been looking at Sawmill; have you actually used it before? I wasn't sure if it was meant mostly for diagnosing webservers or firewall logs.
I've been doing some research while at work, and found these as well
30 Day Trial, nice PIX and Netscreen Reports (cheap)
http://www.eventid.net/firegen/
Freeware, but the reports are cheesy, not bad for personal log analysis though.
http://www.sonic.net/wallwatcher/
Free software, works on PIX, Netscreen and Firewall-1 …Shell script Linux/Unix
http://tud.at/programm/fwanalog/
Haven't had time to try the trials on these yet to see if they cover my needs. I'm doing log analysis on over 50 PIX's, 15 Netscreens and 40 Checkpoints.
-
April 14th, 2006, 03:02 AM
#4
Junior Member
These all seemed like they might be useful for client reports.
Was wondering if anyone has actually used a reporting tool before, which one, what they thought of it etc.
30 Day Trial, NICE PIX and Netscreen Log Analysis (cheap)
http://www.eventid.net/firegen/
Freeware, but the reports are cheesy, not bad for personal log analysis though.
http://www.sonic.net/wallwatcher/
Free software, works on PIX, Netscreen and Firewall-1 …Shell script Linux/Unix
http://tud.at/programm/fwanalog/
Not very interesting imo
http://www.stonylakesolutions.com/sls/index.jsp
Another 30 day trial, interesting reports
http://manageengine.adventnet.com/pr...l-reports.html
Suggested in several locations, trying to find firewall use of this software.
http://www.sawmill.net
Interesting, may be useful for IDS
http://www.wallfire.org/wflogs/
Free trial, not sure of use for reporting.
http://www.xplg.com/
Another Free Trial.
http://eiqnetworks.com/products/Netw...Analyzer.shtml
Interesting
http://www.linux-sec.net/Logger/
http://www.netiq.com/products/sm/supporteddevices.asp
Expensive, has a trial
http://www.toplayer.com/content/prod...rewall_eiQ.jsp
Very interesting analysis software.
http://www.fresheggnt.com/eiq-firewall-analyzer.asp
http://www.marshal.com/pages/firewallsuite.asp
http://algosec.com/Products/FA/
-
April 14th, 2006, 05:54 AM
#5
I've used Sawmill, only as a trial a couple years ago. It was way overkill to simply interrogate a couple small router logs. Although I'd certainly use it for a job like yours.
ZT3000
Beta tester of "0"s and "1"s"
-
April 14th, 2006, 06:05 AM
#6
Junior Member
Thanks,
I'll take a look at it.