Darksat IT Security Forums

Hardware, Software and Security => IT Security Forum => Topic started by: mobi_khan on March 12, 2009, 04:38:04 am



Title: How to get Syslog event from Firewall on two different Applications
Post by: mobi_khan on March 12, 2009, 04:38:04 am
Hi guyz,

Hope you are all fine.

We have deployed a firewall on our network. It's an ASA-5510 Cisco product. We have deployed an application, Firewall Analyzer, which gets the events generated at the firewall and provides us the details of the events. Now we have another application, GFI Event Manager, which we have used to collect the events from the critical systems and servers for centralized logging and monitoring. I have seen that GFI Event Manager also supports syslog events, so I was thinking of configuring the GFI Event Manager so that I can also collect the firewall events from the Cisco firewall.

When I talked to some people, I came to know that the firewall cannot support this feature, i.e. you cannot redirect or get the events generated on the firewall to two different applications, which in this case are the GFI Event Manager and Firewall Analyzer. Can you guys help me with that and provide me your comments on how to resolve this issue, or whether it cannot be solved?

Thanks in advance.


Title: Re: How to get Syslog event from Firewall on two different Applications
Post by: Darksat on March 28, 2009, 01:14:03 pm
Hey, I think you can do it with syslog-ng:
http://www.balabit.com/network-security/syslog-ng/
You're going to need a nix box to run it on, then forward it on using syslog-ng.


Or if you have the universal broadcast address (*.*.*.255) enabled, you could point it at that and have your data sent to every machine on that C class. However, that makes you vulnerable to smurf attacks, and it's generally not a good idea to do that unless you're sure nothing can get past your firewall to 255 from outside. Plus it will generate a load of extra traffic across the network.
Generally not a good idea ;D
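
The syslog-ng relay suggested in the reply above, sketched as an added example that is not part of the original posts: one UDP listener that accepts messages only from the firewall and copies each one to both collectors. All addresses are placeholders from the documentation range, and the object names (s_asa, f_from_asa, d_fw_analyzer, d_gfi) are made up for this sketch.

```conf
# Added example, not from the thread. Set @version to the syslog-ng
# release actually installed on the relay host.
@version: 3.38

# Listen for syslog datagrams from the firewall on the standard UDP port.
source s_asa {
    network(ip("0.0.0.0") port(514) transport("udp"));
};

# Only relay messages whose sender is the firewall (placeholder address),
# so other hosts cannot inject events into the collectors through the relay.
filter f_from_asa {
    netmask("192.0.2.1/32");
};

# Collector 1: Firewall Analyzer (placeholder address).
destination d_fw_analyzer {
    network("192.0.2.10" port(514) transport("udp"));
};

# Collector 2: GFI Event Manager (placeholder address).
destination d_gfi {
    network("192.0.2.20" port(514) transport("udp"));
};

# One log path with two destinations: every accepted message is sent to both.
# The relayed packets carry the relay's source address, so a collector that
# identifies devices by packet source will see the relay, not the firewall.
log {
    source(s_asa);
    filter(f_from_asa);
    destination(d_fw_analyzer);
    destination(d_gfi);
};
```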


Title: Re: How to get Syslog event from Firewall on two different Applications
Post by: mobi_khan on April 01, 2009, 07:20:38 am
Thank you Darksat for helping me out.