Velocity Reviews - Computer Hardware Reviews


ASA VPN log to SQL Server Database.
How would one get these logs into a SQL Server database? DTS does not
seem capable, and the files aren't necessarily comma-delimited.

Walter Roberson
In article <(E-Mail Removed). com>,
<(E-Mail Removed)> wrote:
>How would one get these logs into a SQL Server database? DTS does not
>seem capable, and the files aren't necessarily comma-delimited.

Create a text field and push the entire line into it.

If you want to get ambitious, parse the time out and use that as
one of the keys -- but note there are at least 3 different time
formats and you may have to take into account "daylight savings time".

If you want to get finer grained than that, you first have to
define what information you want extracted from each of the several
hundred different potential PIX/ASA messages. Then you need to
go over the PIX/ASA command reference documentation line by line in order
to find out what the limitations are on each field; following that you
will have to examine the error message specifications. This will
allow you to discover the many fields whose structure is not defined,
so you will then need to set up a test lab in order to provoke each
different message in each of its possible modes so that you can
figure out what the -real- message format is. Then you will have
to figure out how to parse the fields out of the actual message
formats, which will effectively require context-sensitive parsing with
backtracking [because some of the configurable fields can be set to
values that -happen- to look like part of the message syntax...]

When you get to the point where you have figured out what parts of
each line to extract and how to reliably extract the information, you
will discover that some of the values of the fields have semantic meaning
which depends upon previous messages, or whose semantic meaning can
only be discovered by deduction over sets of log messages (easier,
possibly, just to parse the configuration file to discover the
relevant information.) So you could put the tokenized information into
an SQL database, but unless you run a parser over the logs that tracks
all the active connections, you will not be able to do reasonable
semantic analysis of the information...

Network Intelligence used to make a program that parsed PIX logs
(amongst other types of logs) into an SQL database, but they dropped
the product a few years ago... which was just as well, as the product
was slow and missed important semantic information more often than not.

What is the goal for which putting the data into an SQL database
would be the tool? There might be easier methods.
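The first two suggestions in the reply above (store each line whole, then parse the time out as a key), sketched as an added example that is not part of the original thread. Assumptions: SQLite stands in for SQL Server so the code runs offline, the three timestamp layouts are illustrative and not necessarily the three the reply refers to, and the sample lines are constructed.

```python
import re
import sqlite3
from datetime import datetime, timezone

# Tag carried by each message: %ASA-<severity>-<message id>:
TAG = re.compile(r"%(?:ASA|PIX)-(\d)-(\d{6}):")
# Assumed timestamp layouts, most specific first; None means ISO 8601 with offset.
STAMPS = [
    (re.compile(r"\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:Z|[+-]\d\d:\d\d)"), None),
    (re.compile(r"[A-Z][a-z]{2} +\d{1,2} \d{4} \d\d:\d\d:\d\d"), "%b %d %Y %H:%M:%S"),
    (re.compile(r"[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d"), "%b %d %H:%M:%S"),
]
# Constructed sample lines (message text is a placeholder, not real ASA output).
SAMPLE = [
    "Jan 24 10:49:13 fw01 %ASA-4-402116: constructed message text",
    "Jan 24 2008 10:49:12: %ASA-4-419002: constructed message text",
    "<164>2008-01-24T10:49:12-05:00 fw01 : %ASA-4-402116: constructed message text",
    "line with no recognizable tag or timestamp",
]

def parse_line(line, default_year):
    """Return (ts, tz_known, severity, msg_id, raw); missing parts are None."""
    tag = TAG.search(line)
    header = line[:tag.start()] if tag else line
    ts, tz_known = None, False
    for pattern, fmt in STAMPS:
        hits = pattern.findall(header)
        if not hits:
            continue
        text = hits[-1]  # the stamp nearest the message tag
        try:
            if fmt is None:  # offset present: normalize to UTC
                ts = datetime.fromisoformat(text.replace("Z", "+00:00")).astimezone(timezone.utc)
                tz_known = True
            elif "%Y" in fmt:
                ts = datetime.strptime(text, fmt)
            else:  # syslog stamp without a year: the caller supplies it
                ts = datetime.strptime(f"{default_year} {text}", "%Y " + fmt)
        except ValueError:
            ts = None  # e.g. "Feb 30"; the raw line is still kept
        break
    sev, mid = (int(tag.group(1)), tag.group(2)) if tag else (None, None)
    return (ts.isoformat() if ts else None, tz_known, sev, mid, line)

def load(lines, default_year, db=":memory:"):
    """Store every line whole, with whatever keys could be parsed beside it."""
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE IF NOT EXISTS asa_log (ts TEXT, tz_known INTEGER,"
                " severity INTEGER, msg_id TEXT, raw TEXT NOT NULL)")
    # Bound parameters only: log text includes strings chosen by remote parties.
    con.executemany("INSERT INTO asa_log VALUES (?, ?, ?, ?, ?)",
                    (parse_line(l.rstrip("\n"), default_year) for l in lines))
    con.commit()
    return con
```

Rows with `tz_known = 0` carry local time of unknown zone, which is where the daylight-saving caveat in the reply applies: they cannot be ordered safely against rows from another source without knowing the device's clock settings.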