Cisco ASA and PIX Firewall Handbook by Dave Hucaby


9-4. Analyzing Firewall Logs

The most important thing you can do with a firewall is collect and analyze its Syslog information.

Firewall logs should be inspected on a regular basis. Always make sure the Syslog collector or server is configured to archive older information and that disk space is not completely consumed.

The Syslog collector or server should be sized according to the following parameters:

  • The number of firewalls and other network devices sending Syslog messages to the Syslog server

  • The number of Syslog events per second (usually called EPS) generated by all devices

  • How long Syslog information should be kept available
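
An added example (not from the book) that measures the three sizing inputs above from a sample of collected messages and turns them into a disk estimate. The log lines, hostnames, message text, and any retention figure passed in are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of collector-side lines: timestamp, sending device, message.
SAMPLE_LOG = """\
Mar 10 14:02:01 fw-edge-1 %ASA-6-302013: Built outbound TCP connection 1001 (constructed)
Mar 10 14:02:01 fw-edge-1 %ASA-6-302014: Teardown TCP connection 1001 (constructed)
Mar 10 14:02:01 fw-dmz-1 %ASA-4-106023: Deny tcp src outside dst dmz (constructed)
Mar 10 14:02:02 fw-edge-1 %ASA-6-302013: Built outbound TCP connection 1002 (constructed)
Mar 10 14:02:04 fw-dmz-1 %ASA-6-302013: Built inbound TCP connection 1003 (constructed)
Mar 10 14:02:04 fw-dmz-1 %ASA-6-302014: Teardown TCP connection 1003 (constructed)
"""

# Month, day, hh:mm:ss, hostname, then the message body.
LINE_RE = re.compile(r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s+(\S+)\s+(.*)$")

def measure(log_text):
    """Return device count, peak EPS, sustained EPS and mean bytes per message.

    Assumes the sample lies within a single day, so seconds-of-day is enough.
    """
    per_second = Counter()
    devices = set()
    total_bytes = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore anything that is not a syslog line
        h, mi, s = (int(m.group(i)) for i in (1, 2, 3))
        per_second[h * 3600 + mi * 60 + s] += 1
        devices.add(m.group(4))
        total_bytes += len(line.encode()) + 1  # +1 for the newline on disk
    if not per_second:
        raise ValueError("no syslog lines found in sample")
    events = sum(per_second.values())
    span = max(per_second) - min(per_second) + 1  # seconds the sample covers
    return {
        "devices": len(devices),
        "peak_eps": max(per_second.values()),  # what the collector must ingest
        "sustained_eps": events / span,        # what the disk must absorb
        "avg_bytes": total_bytes / events,
    }

def storage_bytes(sustained_eps, avg_bytes, retention_days):
    """Uncompressed disk needed to keep retention_days of messages available."""
    return int(sustained_eps * avg_bytes * 86400 * retention_days)
```

Peak EPS sizes the collector's ingest path, while sustained EPS multiplied by message size and retention sizes the archive; run `measure` over a sample from a busy period so the estimate is not optimistic.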

Consider the type of information you want to get from your firewall logs. Here are some examples:

  • Connections permitted ...
