December 12, 2005

Inexpensive Cisco Network Log Analysis

I saw a reference to an article titled Inexpensive Cisco Network Log Analysis by Mark Lachniet over at LinuxSecurity.com this morning. The log analysis article is well written and describes setting up Kiwi Syslog, configuring a PIX Firewall for syslog, and then configuring the Sawmill log analyzer to provide reports based on the logged data.

Reading through the article, I found one issue with the PIX configuration: the author omitted the "logging on" command, which enables the logging process on the PIX. Without it the other logging commands (logging host, logging trap and so on) are accepted into the configuration, but no messages are ever sent to the syslog server.

If you are thinking of running Kiwi and the Sawmill analyzer, I'd suggest starting out with a PIX Firewall that is at the same location as the syslog server. The PIX can generate quite a lot of log data, and I'd suggest learning what your PIX will log given your network, users, and applications before trying to set up logging from a remote location.
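As an added example (not from the LinuxSecurity.com article or this post), here is a small Python script that does the two checks above: it looks at a PIX configuration fragment for the logging commands that must be present, "logging on" included, and it profiles a sample of PIX syslog lines by message ID and severity so you can see what dominates the feed and how much volume each "logging trap" level would produce. The log lines, addresses and configuration fragment are constructed for the example; the message IDs (302013, 302014, 305011, 106023) and the logging commands are real PIX ones.

```python
import re
from collections import Counter

# Constructed sample of PIX syslog lines as a Kiwi Syslog server would store them:
# a syslog timestamp and source host, then the PIX message. The message IDs are
# real PIX IDs; addresses, ports and connection numbers are made up for the example.
SAMPLE_LOG = """\
Dec 12 09:15:01 192.0.2.1 %PIX-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.5/80 (203.0.113.5/80) to inside:10.1.1.20/3351 (192.0.2.1/1024)
Dec 12 09:15:01 192.0.2.1 %PIX-6-305011: Built dynamic TCP translation from inside:10.1.1.20/3351 to outside:192.0.2.1/1024
Dec 12 09:15:03 192.0.2.1 %PIX-6-302014: Teardown TCP connection 12345 for outside:203.0.113.5/80 to inside:10.1.1.20/3351 duration 0:00:02 bytes 4821 TCP FINs
Dec 12 09:15:04 192.0.2.1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:10.1.1.20/445 by access-group "outside_in"
Dec 12 09:15:05 192.0.2.1 %PIX-6-302013: Built outbound TCP connection 12346 for outside:203.0.113.9/443 (203.0.113.9/443) to inside:10.1.1.21/3352 (192.0.2.1/1025)
Dec 12 09:15:06 192.0.2.1 %PIX-4-106023: Deny udp src outside:198.51.100.7/53 dst inside:10.1.1.20/1434 by access-group "outside_in"
this line is not a PIX message and must be ignored
"""

# PIX message header: %PIX-<severity 0-7>-<six digit message id>: <text>
PIX_MSG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<id>\d{6}):\s*(?P<text>.*)$")


def parse_pix_lines(text):
    """Return (severity, message_id, message_text) for every line carrying a PIX message."""
    out = []
    for line in text.splitlines():
        m = PIX_MSG.search(line)
        if m:
            out.append((int(m.group("sev")), m.group("id"), m.group("text")))
    return out


def count_by_message_id(text):
    """Count occurrences per message ID; shows which message types dominate the feed."""
    return Counter(mid for _, mid, _ in parse_pix_lines(text))


def volume_at_trap_level(text, level):
    """Messages the PIX would send with 'logging trap <level>' (severity <= level)."""
    return sum(1 for sev, _, _ in parse_pix_lines(text) if sev <= level)


# Commands a working PIX syslog setup needs; 'logging on' is the one most often forgotten.
REQUIRED_LOGGING_COMMANDS = ("logging on", "logging host", "logging trap")


def missing_logging_commands(config_text):
    """Return the required logging commands that a PIX config fragment does not contain."""
    lines = [line.strip() for line in config_text.splitlines()]
    return [cmd for cmd in REQUIRED_LOGGING_COMMANDS
            if not any(line.startswith(cmd) for line in lines)]


# Constructed PIX config fragment that, like the article's, lacks 'logging on'.
CONFIG_WITHOUT_LOGGING_ON = """\
logging timestamp
logging trap informational
logging host inside 10.1.1.10
"""

if __name__ == "__main__":
    print("missing:", missing_logging_commands(CONFIG_WITHOUT_LOGGING_ON))
    for mid, n in count_by_message_id(SAMPLE_LOG).most_common():
        print(mid, n)
    for level in (3, 4, 6):
        print("trap level", level, "->", volume_at_trap_level(SAMPLE_LOG, level), "messages")
```

On a real feed, point the script at a day of Kiwi output rather than the built-in sample; the per-ID counts tell you which message types to filter at the PIX or in Sawmill, and the per-level totals tell you what "logging trap" level the link to a remote syslog server can carry.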
