I am in the same boat as you. I do not have time to review them at all, but I do find them useful for monitoring and troubleshooting. For example, I have my syslog server set up to notify me of VPN login successes or failures (I have few VPN connections). My syslog server also notifies me when changes are made to my firewall config. My network is/will be changing quite a bit, and sometimes I use the syslog messages to troubleshoot failed connections.

I occasionally take logs for a week and analyze all the %PIX-6-302016 and %PIX-6-302014. These events have source/destination ports/IP as well as connection duration and bytes transferred. I wrote a program to parse out the syslog message field into something useable. I import those events into a database and run queries against them.

I hope this helps.

-----Original Message-----
From: Marius Baicoianu [mailto:mbaicoianuat_private]
Sent: Tuesday, July 29, 2003 2:28 PM
To: LogAnalysisat_private
Subject: [logs] PIX logging

Hi,

I have read your messages in reference to the PIX logging and I would like to ask you a few things:

- after you configure syslog and logrotate to log and rotate my system logs, what do I do next?
- do you have an easy way to review these logs? scripts or procedures?

I am able to have all the PIX logs on a syslog server, and I am able to cut them daily, but I don't know what I am supposed to do next... How can I review so much info?

Please help.

Thanks.

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
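
The workflow the reply describes (parse the 302014/302016 teardown messages, load them into a database, query them) could look like the following. This is an added example, not the poster's program; the sample log lines are constructed, and the field layout is assumed to match Cisco's documented teardown message format.

```python
import re
import sqlite3

# Constructed sample lines (not from the thread). Field layout is assumed to
# match Cisco's documented 302014 (TCP) and 302016 (UDP) teardown messages.
SAMPLE = [
    "Jul 29 13:01:02 fw1 %PIX-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/80 to inside:10.0.0.5/1025 duration 0:00:30 bytes 4200 TCP FINs",
    "Jul 29 13:01:09 fw1 %PIX-6-302016: Teardown UDP connection 1002 for outside:198.51.100.53/53 to inside:10.0.0.5/1026 duration 0:02:01 bytes 120",
    "Jul 29 13:02:00 fw1 %PIX-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.9/443 (203.0.113.9/443) to inside:10.0.0.8/1100 (192.0.2.1/1100)",
    "Jul 29 13:05:44 fw1 %PIX-6-302014: Teardown TCP connection 1003 for outside:203.0.113.9/443 to inside:10.0.0.8/1100 duration 1:10:05 bytes 900000 TCP Reset-I",
]

TEARDOWN = re.compile(
    r"%PIX-6-(?:302014|302016): Teardown (?P<proto>TCP|UDP) connection (?P<conn>\d+) "
    r"for (?P<if_a>[^:\s]+):(?P<ip_a>[^/\s]+)/(?P<port_a>\d+) "
    r"to (?P<if_b>[^:\s]+):(?P<ip_b>[^/\s]+)/(?P<port_b>\d+) "
    r"duration (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d) bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$"
)
COLS = ("proto", "conn", "if_a", "ip_a", "port_a",
        "if_b", "ip_b", "port_b", "secs", "bytes", "reason")

def parse_teardown(line):
    """Return one row tuple (COLS order) for a teardown line, else None."""
    m = TEARDOWN.search(line.strip())
    if m is None:
        return None  # other message IDs and malformed lines are skipped
    g = m.groupdict()
    secs = int(g["h"]) * 3600 + int(g["m"]) * 60 + int(g["s"])
    return (g["proto"], int(g["conn"]), g["if_a"], g["ip_a"], int(g["port_a"]),
            g["if_b"], g["ip_b"], int(g["port_b"]), secs, int(g["bytes"]), g["reason"])

def load(lines, db):
    """Insert every parsable teardown event; return how many were stored."""
    db.execute("CREATE TABLE IF NOT EXISTS teardown (%s)" % ", ".join(COLS))
    rows = [r for r in map(parse_teardown, lines) if r is not None]
    db.executemany("INSERT INTO teardown VALUES (%s)" % ",".join("?" * len(COLS)), rows)
    return len(rows)

def bytes_per_host(db, interface="inside"):
    """Connections, bytes and seconds per host on one interface, busiest first."""
    return db.execute(
        "SELECT ip_b, COUNT(*), SUM(bytes), SUM(secs) FROM teardown "
        "WHERE if_b = ? GROUP BY ip_b ORDER BY SUM(bytes) DESC", (interface,)).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load(SAMPLE, db), "teardown events loaded")
    for row in bytes_per_host(db):
        print(row)
```
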
This archive was generated by hypermail 2b30 : Tue Jul 29 2003 - 13:38:32 PDT