Results 1 to 6 of 6

Thread: Firewall Log Analysis and Reporting

  1. #1
    Junior Member
    Join Date
    Apr 2006
    Posts
    22

    Firewall Log Analysis and Reporting

    Hello, I'm looking for a utility that will take PIX, Checkpoint, and Netscreen logs and create reports that I can show to my clients on there network utilization, rule violations, etc.

    I've been looking around and have seen several programs, but was wondering if anyone else currently used any of these utilities, and there experiences with them.

    Thanks

  2. #2
    Senior Member
    Join Date
    Mar 2005
    Posts
    400
    My suggestion is to look into Sawmill Lite or Professional:
    http://www.sawmill.net/lite.html

    Lite is $99 and Pro is $399 (with 5 seat license)
    ZT3000
    Beta tester of "0"s and "1"s"

  3. #3
    Junior Member
    Join Date
    Apr 2006
    Posts
    22

    Sawmill

    Thanks for the suggestion, I've been looking at Sawmill, have you actually used it before? I wasn't sure if it was meant mostly for diagnosing webservers or firewall logs.

    I've been doing some research while at work, and found these as well

    30 Day Trial, nice PIX and Netscreen Reports (cheap)
    http://www.eventid.net/firegen/
    Freeware, but the reports are cheesy, not bad for personal log analysis though.
    http://www.sonic.net/wallwatcher/
    Free software, works on PIX, Netscreen and Firewall-1 …Shell script Linux/Unix
    http://tud.at/programm/fwanalog/

    Havn't had time to try the trials on these yet to see if they cover my needs. I'm doing log analysis on over 50 PIX's, 15 Netscreens and 40 Checkpoints.

  4. #4
    Junior Member
    Join Date
    Apr 2006
    Posts
    22
    These all seemed like they might be useful for client reports.

    Was wondering if anyone has actually used a reporting tool before, which one, what they thought of it etc.

    30 Day Trial, NICE PIX and Netscreen Log Analysis (cheap)
    http://www.eventid.net/firegen/
    Freeware, but the reports are cheesy, not bad for personal log analysis though.
    http://www.sonic.net/wallwatcher/
    Free software, works on PIX, Netscreen and Firewall-1 …Shell script Linux/Unix
    http://tud.at/programm/fwanalog/
    Not very interesting imo
    http://www.stonylakesolutions.com/sls/index.jsp
    Another 30 day trial, interesting reports
    http://manageengine.adventnet.com/pr...l-reports.html
    Suggested in several locations, trying to find firewall use of this software.
    http://www.sawmill.net
    Interesting, may be useful for IDS
    http://www.wallfire.org/wflogs/
    Free trial, not sure of use for reporting.
    http://www.xplg.com/
    Another Free Trial.
    http://eiqnetworks.com/products/Netw...Analyzer.shtml
    Interesting
    http://www.linux-sec.net/Logger/
    http://www.netiq.com/products/sm/supporteddevices.asp
    Expensive, has a trial
    http://www.toplayer.com/content/prod...rewall_eiQ.jsp
    Very interesting analysis software.
    http://www.fresheggnt.com/eiq-firewall-analyzer.asp
    http://www.marshal.com/pages/firewallsuite.asp
    http://algosec.com/Products/FA/

  5. #5
    Senior Member
    Join Date
    Mar 2005
    Posts
    400
    I've used Sawmill, only as a trial a couple years ago. It was way overkill to simply interrogate a couple small router logs. Although I'd certainly use it for a job like yours.
    ZT3000
    Beta tester of "0"s and "1"s"

  6. #6
    Junior Member
    Join Date
    Apr 2006
    Posts
    22
    Thanks,
    I'll take a look at it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •