On Thu, Feb 10, 2005 at 11:08:28AM -0500, Carey Heck wrote:
> <snip>
> Let's use an example:
>
> I want to show an auditor what exactly went through my firewall,
> to/from a specific DMZ host, between the hours of 1 and 3pm GMT, on
> July 8th, 2003.
>
> In checkpoint, if I had correctly configured my ruleset, and archived
> my log files properly, I could provide this answer within 30 minutes.
>
> Fast forward to my current company, which went with a Cisco PIX
> solution based on the up front cost. I can log all the connections to
> my heart's content, but boy mining the data to help show what happened
> in my above example has been tiresome at best.
>
> Can anyone here please suggest to me some type of logging and more
> relevantly, a granular log analyzer that can help me achieve this end?
<snip>

You might want to take a look at LogReport's Lire
( http://www.logreport.org/ ). It can analyze PIX logs, as well as a
truckload of other log types.

On the loganalysis website, other alternatives are mentioned (but I
guess you knew that).

Bye,

Joost
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
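Added example, not part of the original thread and not code from Lire: a minimal Python filter for the audit question quoted above (traffic to/from one DMZ host between 1 and 3pm GMT on July 8th, 2003), run over PIX connection build/teardown messages. The sample lines, the host name `pix1`, the addresses and the collector's timestamp layout (year included, GMT) are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines, not taken from the thread. Assumed layout: the
# collector writes "Mon DD YYYY HH:MM:SS" in GMT, then the firewall name,
# then the PIX 302013-302016 connection build/teardown message.
SAMPLE_LOG = """\
Jul 08 2003 12:59:58 pix1 %PIX-6-302013: Built inbound TCP connection 4101 for outside:198.51.100.7/40112 (198.51.100.7/40112) to dmz:192.0.2.10/80 (192.0.2.10/80)
Jul 08 2003 13:04:11 pix1 %PIX-6-302013: Built inbound TCP connection 4102 for outside:203.0.113.5/51514 (203.0.113.5/51514) to dmz:192.0.2.10/443 (192.0.2.10/443)
Jul 08 2003 13:04:40 pix1 %PIX-6-302014: Teardown TCP connection 4102 for outside:203.0.113.5/51514 to dmz:192.0.2.10/443 duration 0:00:29 bytes 18234 TCP FINs
Jul 08 2003 14:20:03 pix1 %PIX-6-302013: Built outbound TCP connection 4150 for outside:198.51.100.25/25 (198.51.100.25/25) to dmz:192.0.2.100/33012 (192.0.2.100/33012)
Jul 08 2003 14:59:59 pix1 %PIX-6-302015: Built outbound UDP connection 4177 for outside:198.51.100.53/53 (198.51.100.53/53) to dmz:192.0.2.10/1031 (192.0.2.10/1031)
Jul 08 2003 15:00:01 pix1 %PIX-6-302013: Built inbound TCP connection 4190 for outside:198.51.100.7/40200 (198.51.100.7/40200) to dmz:192.0.2.10/80 (192.0.2.10/80)
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) \S+ "
    r"%PIX-\d-30201[3-6]: (?P<verb>Built (?:inbound|outbound)|Teardown) "
    r"(?P<proto>TCP|UDP) connection (?P<conn>\d+) for "
    r"\w+:(?P<a_ip>[\d.]+)/(?P<a_port>\d+)(?: \([^)]*\))? to "
    r"\w+:(?P<b_ip>[\d.]+)/(?P<b_port>\d+)"
)

def connections_for_host(log_text, host, start, end):
    """Connection events touching `host` with start <= time < end (GMT)."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m is None:
            continue  # some other message type
        when = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S").replace(tzinfo=timezone.utc)
        # Compare whole addresses: a substring search for 192.0.2.10 would
        # also return the unrelated host 192.0.2.100.
        if start <= when < end and host in (m["a_ip"], m["b_ip"]):
            hits.append((when, m["verb"], m["proto"], m["conn"],
                         f'{m["a_ip"]}/{m["a_port"]}', f'{m["b_ip"]}/{m["b_port"]}'))
    return hits

if __name__ == "__main__":
    day = dict(year=2003, month=7, day=8, tzinfo=timezone.utc)
    for hit in connections_for_host(SAMPLE_LOG, "192.0.2.10",
                                    datetime(hour=13, **day), datetime(hour=15, **day)):
        print(*hit)
```

The window is half-open, so an event stamped exactly 15:00:00 falls outside it, and the answer is only as good as the clock and time zone the collector recorded.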
This archive was generated by hypermail 2.1.3 : Sun Feb 13 2005 - 21:50:52 PST