Analysis and implement of PIX firewall syslog log

摘要

Useful information concerning with the network running status is included in logs generated by firewall, but analyzing large quantity data is very difficult. Therefore, based on Cisco PIX firewall, this paper gathered Syslog logs by employing the thread pool technique, then filtered and categorized them with key words, and finally stored them with format. Through the TopN statistics analysis, research and detection on security event based on feature, it realizes monitoring effectively the network traffic, application service, user behavior and running status, and it also provides the basis of network management and security strategy design for administrator, thereby strengthens further network management.