Identifying Incidents Using Firewall and IOS Router Syslog Events

Date Added: Jan 2009
Format: HTML

This paper focuses on analyzing data contained in the memory buffer of the device, using tools native to the device itself, after a trigger event has occurred. This kind of analysis may require an administrator to obtain additional information about the event. The paper does not provide recommendations for logging configurations or for tools that provide automated analysis. In most cases, historical analysis will be performed on logging-specific servers, where tools and syntax may be similar. If logging servers exist, using these techniques on those servers would be preferable.