Darksat IT Security Forums
How to get Syslog event from Firewall on two different Applications


mobi_khan
« on: March 12, 2009, 04:38:04 am »

Hi guyz,

Hope you are all fine.

We have deployed a firewall on our network. It's an ASA-5510 Cisco product. We have deployed an application, Firewall Analyzer, which gets the events generated at the firewall and provides us the details of the events. Now we have another application, GFI Event Manager, which we have used to collect the events from the critical system and servers for centralized logging and monitoring. I have seen that GFI Event Manager also supports syslog events, so I was thinking to configure the GFI Event Manager so that I can also collect the firewall events from the Cisco firewall.

When I talked to some people I came to know that firewall cannot support this feature i.e. you cannot redirect or get the events generated on the firewall to two different applications which in this case are the GFI Event Manager and Firewall Analyzer. Can you guys help me with that and provide me your comments on how to resolve this issue or it cannot be solved?

Thanks in advance.

Darksat
« Reply #1 on: March 28, 2009, 01:14:03 pm »

Hey, I think you can do it with syslog-ng
http://www.balabit.com/network-security/syslog-ng/
You're going to need a nix box to run it on, then forward it on using syslog-ng.


Or if you have universal broadcast address (*.*.*.255) enabled you could point it at that and have your data sent to every machine on that C class, however that makes you vulnerable to smurf attacks and it's generally not a good idea to do that unless you're sure nothing can get past your firewall to 255 from outside, plus it will generate a load of extra traffic across the network.
Generally not a good idea Grin
mobi_khan
« Reply #2 on: April 01, 2009, 07:20:38 am »

Thank you Darksat for helping me out.
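
The relay approach from Reply #1, sketched as an added Python example (not code from the thread, and not syslog-ng itself): the firewall sends to one relay host, which copies each UDP syslog datagram unchanged to both collectors and ignores senders other than the firewall. The IP addresses, port numbers and the names `relay_once` and `serve` are assumptions chosen for illustration.

```python
import socket

# Assumed addresses (RFC 5737 documentation range), not taken from the thread.
FIREWALL_IPS = {"192.0.2.1"}            # address the ASA sends syslog from
COLLECTORS = [("192.0.2.10", 514),      # host running Firewall Analyzer
              ("192.0.2.20", 514)]      # host running GFI Event Manager


def relay_once(rx, tx, collectors, allowed_sources, max_len=8192):
    """Receive one datagram on rx and copy it unchanged to every collector.

    Returns the number of copies sent (0 if the sender is not allowed).
    """
    data, (src_ip, _src_port) = rx.recvfrom(max_len)
    # Relay only what the firewall sent. Dropping everything else keeps the
    # relay from multiplying traffic on behalf of arbitrary hosts.
    if src_ip not in allowed_sources or not data:
        return 0
    sent = 0
    for dest in collectors:
        try:
            tx.sendto(data, dest)
            sent += 1
        except OSError:
            # One unreachable collector must not block delivery to the other.
            continue
    return sent


def serve(bind_addr=("0.0.0.0", 514)):
    """Run the relay forever. Binding to port 514 usually requires root."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(bind_addr)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        relay_once(rx, tx, COLLECTORS, FIREWALL_IPS)


if __name__ == "__main__":
    serve()
```

Because the payload is re-sent from a new socket, both collectors see the relay's address as the packet source rather than the firewall's.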