Subject: Re: Looking for program to analyze logs
From: Brian Macke (bmacke LUCENT.COM)
Date: Wed Mar 22 2000 - 11:05:20 CST
- Next message: Joe H: "Re: typical DOS or something more sinister?"
- Previous message: Robert Graham: "Re: typical DOS or something more sinister?"
- In reply to: Mieth Lindsay: "Looking for program to analyze logs"
- Next in thread: - -: "Re: Looking for program to analyze logs"
- Reply: Brian Macke: "Re: Looking for program to analyze logs"
- Reply: - -: "Re: Looking for program to analyze logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
When I was administering a PIX, I used "swatch" for my log analysis. It's
a freely available tool for Unix that can actively monitor the PIX
logs. My configuration file was about 30-40 lines and it trimmed down the
logs to a manageable 1-5,000 lines per day. If you want something less
than that, you can trim it down even further. It's small and easy to
control.
Just remember not to ignore the real logs. You're getting a synopsis out
of swatch. The real truth is in those logs and that'll give you a better
explanation of an incident.
On Tue, 21 Mar 2000, Mieth Lindsay wrote:
> Reviewing your messages and seeing the traffic I am working with, I have
> surmised that you have some pretty decent tools to work with. Our PIX
> produces about 500mb of logs a day which means I might as well not have
> logging since there is no way I can review this amount of data myself.
> Would you please recommend an analyzing tool to break out the important or
> at least likely important information from the logs?
>
> Sincerely,
>
> Lindsay Mieth
--
-Brian James Macke, CISSP bmackelucent.com
Network Systems Security Engineer
Lucent Technologies
"In order to get that which you wish for, you must first get that which builds it." -- Unknown
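As an added illustration of the approach described in this reply (it is not part of the thread, nor is it swatch's own code), here is a small Python filter that applies swatch-style ordered `ignore`/`watchfor` rules, with per-source throttling, to a handful of constructed PIX syslog lines. The message IDs follow PIX syslog numbering, but every timestamp, address and host name in the sample is made up, and the rule set, the `filter_log` function and the throttle semantics are this example's own assumptions, not swatch's exact behaviour. The point it demonstrates is the one the reply makes: a short rule file collapses a day of connection-build noise into a short list of events worth a human's attention, while the counters keep a record of everything that was suppressed so the full logs are not silently forgotten.

```python
import re
from collections import Counter

# Constructed sample PIX syslog lines (not taken from the thread). The numeric
# message IDs match PIX conventions; hosts, addresses and times are invented.
SAMPLE_LOG = """\
Mar 22 10:00:01 pix %PIX-6-302001: Built outbound TCP connection 1001 for faddr 192.0.2.10/80 gaddr 203.0.113.5/40000 laddr 10.0.0.5/40000
Mar 22 10:00:02 pix %PIX-6-302001: Built outbound TCP connection 1002 for faddr 192.0.2.11/443 gaddr 203.0.113.5/40001 laddr 10.0.0.5/40001
Mar 22 10:00:03 pix %PIX-4-106023: Deny tcp src outside:198.51.100.7/51234 dst inside:10.0.0.5/23 by access-group "outside_in"
Mar 22 10:00:04 pix %PIX-4-106023: Deny tcp src outside:198.51.100.7/51235 dst inside:10.0.0.5/23 by access-group "outside_in"
Mar 22 10:00:05 pix %PIX-4-106023: Deny tcp src outside:198.51.100.7/51236 dst inside:10.0.0.5/23 by access-group "outside_in"
Mar 22 10:00:06 pix %PIX-5-111005: 10.0.0.9 end configuration: OK
Mar 22 10:00:07 pix %PIX-6-302002: Teardown TCP connection 1001 faddr 192.0.2.10/80 gaddr 203.0.113.5/40000 laddr 10.0.0.5/40000 duration 0:00:05 bytes 1234
Mar 22 10:00:08 pix %PIX-6-305011: Built dynamic TCP translation from inside:10.0.0.5/40002 to outside:203.0.113.5/40002
""".splitlines()

# Ordered rules in the spirit of a swatch config file: the first rule that
# matches a line decides what happens to it.
#   kind        : "ignore" drops the line, "watchfor" keeps it
#   pattern     : compiled regex; its capture groups form the throttle key
#   max_per_key : show at most this many lines per key (None = no throttling)
RULES = [
    # Connection build/teardown records are the bulk of PIX volume; drop them.
    ("ignore",   re.compile(r"%PIX-6-30200[12]:"), None),
    # ACL denies: show the first one per (protocol, source address), count the rest.
    ("watchfor", re.compile(r"%PIX-4-106023: Deny (\w+) src \w+:([\d.]+)"), 1),
    # Configuration changes on the firewall are always worth seeing.
    ("watchfor", re.compile(r"%PIX-5-111005:"), None),
]


def filter_log(lines, rules, default_keep=False):
    """Apply swatch-style rules to an iterable of log lines.

    Returns a dict with:
      kept       - lines selected for a human to read
      suppressed - Counter of throttle keys -> number of lines hidden
      ignored    - lines dropped by an "ignore" rule
      unmatched  - lines matching no rule (dropped unless default_keep)
      total      - number of lines processed
    Like swatch, a line matching no rule is not shown by default.
    """
    seen = Counter()
    result = {"kept": [], "suppressed": Counter(), "ignored": 0,
              "unmatched": 0, "total": 0}
    for line in lines:
        result["total"] += 1
        for kind, pattern, max_per_key in rules:
            match = pattern.search(line)
            if not match:
                continue
            if kind == "ignore":
                result["ignored"] += 1
                break
            # Throttle key: the capture groups if any, else the whole match.
            key = "|".join(match.groups()) if match.groups() else match.group(0)
            seen[key] += 1
            if max_per_key is not None and seen[key] > max_per_key:
                result["suppressed"][key] += 1
            else:
                result["kept"].append(line)
            break
        else:
            result["unmatched"] += 1
            if default_keep:
                result["kept"].append(line)
    return result


def summary(result):
    """One-line accounting so the reader knows how much the synopsis hides."""
    hidden = sum(result["suppressed"].values())
    return (f"{result['total']} lines in, {len(result['kept'])} shown, "
            f"{result['ignored']} ignored, {hidden} throttled, "
            f"{result['unmatched']} unmatched")


if __name__ == "__main__":
    res = filter_log(SAMPLE_LOG, RULES)
    for line in res["kept"]:
        print(line)
    for key, count in res["suppressed"].items():
        print(f"  ... {count} more deny(s) from {key}")
    print(summary(res))
```

Run as a script, the example prints two lines (the first telnet deny and the configuration change), a note that two further denies from the same source were folded away, and an accounting line. The `unmatched` counter is the practical safeguard behind "don't ignore the real logs": if it grows, the rule set has stopped describing what the firewall is actually reporting, and the raw logs, not the synopsis, are where the answer lives.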