I have two PIX's 535 running 4.5. My job is to review the logs on a daily basis. Do you have or know of a PIX log reader something to make it easy to read the log files?
Having managed two PIX firewalls myself (in previous case, configured with fail-over option) - I understand the situation that you are in and empathize with respect to making it "easy to read the log files."
First, from a security standpoint, I noticed that your current PIX software version is outdated. Consider looking into and upgrading to the 6.x generation or, at a minimum version 5.34, which I have found to be a very stable PIX version.
Second, regardless of your Syslog solution, consider the following steps to increase your log security ? I've also included a program (recommended by a Cisco engineer) that I've used, which you can configure in conjunction with the log reader. However, keep in mind that if you plan to use SSH, it has its share of vulnerabilities and syslog software is no exception.
- Set up a dedicated Syslog server with no other services running and configure TCP/IP filtering or IPSec to block ports other than the Syslog unique port (you use in #2.) Apply physical security.
- Change the default port of the Syslog software/daemon on your server and in your PIX firewalls and routers and add your dedicated Syslog server, I.E. "logging
- If you haven't already done so, read my security articles online on protecting your border routers and PIX firewalls (see link):
- Set and test the appropriate level of logging for your company. Avoid hindering your future efforts to track a suspicious event by not logging enough information.
- Closely monitor your Syslog server and create a baseline for normal operation. Archive your logs hourly to tape.
Kiwi Enterprises (www.kiwisyslog.com) offers a freeware Syslog Daemon 7.x and Log Viewer 1.x for Windows platforms to display log files in an easy to read manner through "column sorting and re-ordering". In addition, Kiwi offers a Syslog message generator called SyslogGen to emulate PIX messages and help you test the Syslog Daemon setup. Kind regards,
Related Q&A from Retired Expert - Luis Medina
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.