Hi Travis
> Not sure what you're looking for exactly here ... the PIX is only going to
> log a certain amount of info about anything. If you want info about what
> a.b.c.d did to ip e.f.g.h, and it's going over something that's allowed in
> your ACLs, you'd need close to debug level logging ...
>
> I'm logging informational on a couple of pixen, and get things like:
> 304001: xxx.xxx.xxx.xx Accessed URL
> xxx.xxx.xxx.xx:/GMES/get.html?target=GMR&z=136037049
kewl thanks. I think I've found what I'm looking for (level6) I just
didn't have my syslogd configured correctly.
> in specific reference to log analysis, I've not found anything useful on CCO
> (no, I don't use firewall manager, as I don't run NT)
didn't even know it existed :P
> I've been looking at several of the tools at
> http://www.counterpane.com/log-analysis.html and many of them are capable
> of grinding PIX logs and creating audit-style information. However,
> depending on the level of detail you're looking for, it might be easier to
> put a box running snort outside your firewall and grab all the packets on
> the wire for further analysis.
kewl, I'll take a look at it. I did find something to turn pix-style
syslogs into snort-formatted logs, which I can then use things like
snortsnarf and the like with. The url should be
http://cs.calvin.edu/~mpost89/pixlog/.
Thanks to all who responded privately aswell.
Regards
--Rob
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:24 EDT