ASA VPN log to SQL Server Database.

Discussion in 'Cisco' started by rschweiger@gmail.com, Jun 7, 2006.

  1. Guest

    How would one get these logs into a SQL Server database? DTS does not
    seem capable, and the files aren't necessarily comma-delimited.
    , Jun 7, 2006
    #1

  2. In article <>,
    <> wrote:
    >How would one get these logs into a SQL Server database? DTS does not
    >seem capable, and the files aren't necessarily comma-delimited.


    Create a text field and push the entire line into it.

    If you want to get ambitious, parse the time out and use that as
    one of the keys -- but note there are at least 3 different time
    formats and you may have to take into account "daylight savings time".

    If you want to get finer grained than that, you first have to
    define what information you want extracted from each of the several
    hundred different potential PIX/ASA messages. Then you need to
    go over the PIX/ASA command reference documentation line by line in order
    to find out what the limitations are on each field; following that you
    will have to examine the error message specifications. This will
    allow you to discover the many fields whose structure is not defined,
    so you will then need to set up a test lab in order to provoke each
    different message in each of its possible modes so that you can
    figure out what the -real- message format is. Then you will have
    to figure out how to parse the fields out of the actual message
    formats, which will effectively require context-sensitive parsing with
    backtracking [because some of the configurable fields can be set to
    values that -happen- to look like part of the message syntax...]

    When you get to the point where you have figured out what parts of
    each line to extract and how to reliably extract the information, you
    will discover that some of the values of the fields have semantic meaning
    which depends upon previous messages, or whose semantic meaning can
    only be discovered by deduction over sets of log messages (easier,
    possibly, just to parse the configuration file to discover the
    relevant information.) So you could put the tokenized information into
    an SQL database, but unless you run a parser over the logs that tracks
    all the active connections, you will not be able to do reasonable
    semantic analysis of the information...


    Network Intelligence used to make a program that parsed PIX logs
    (amongst other types of logs) into an SQL database, but they dropped
    the product a few years ago... which was just as well, as the product
    was slow and missed important semantic information more often than not.


    What is the goal for which putting the data into an SQL database
    would be the tool? There might be easier methods.
    Walter Roberson, Jun 7, 2006
    #2
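The approach suggested in reply #2 (keep the whole line in a text column, pull the time out as a key), sketched as an added example that is not part of the original thread. It assumes three timestamp layouts and uses SQLite as a stand-in for SQL Server; the table name, column names and sample lines are constructed for illustration.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample lines; the three timestamp layouts are assumptions.
SAMPLE = [
    "Jun 07 2006 10:15:02: %ASA-6-113004: AAA user authentication Successful : user = alice",
    "Jun  7 10:15:09 fw1 %ASA-4-113019: Group = vpn, Username = bob, Session disconnected.",
    "2006-06-07T10:15:30 fw1 : %ASA-6-302013: Built inbound TCP connection 42",
    "garbled line with no tag",
]

TAG = re.compile(r"%(?:ASA|PIX)-(\d)-(\d{6})")  # severity, message id
MON = r"[A-Z][a-z]{2} +\d{1,2} "
HMS = r"\d{2}:\d{2}:\d{2}"
STAMPS = [  # (pattern, strptime format, pattern carries a year)
    (re.compile("^" + MON + r"\d{4} " + HMS), "%b %d %Y %H:%M:%S", True),
    (re.compile(r"^\d{4}-\d{2}-\d{2}T" + HMS), "%Y-%m-%dT%H:%M:%S", True),
    (re.compile("^" + MON + HMS), "%b %d %H:%M:%S", False),
]

def parse_time(line, default_year):
    """Return the leading timestamp as written (no DST/zone conversion), or None."""
    for rx, fmt, has_year in STAMPS:
        m = rx.match(line)
        if m:
            text = " ".join(m.group(0).split())
            if not has_year:  # syslog-style stamp: the year must come from context
                text, fmt = f"{default_year} {text}", "%Y " + fmt
            try:
                return datetime.strptime(text, fmt)
            except ValueError:
                return None
    return None

def load(lines, db, default_year):
    db.execute("CREATE TABLE IF NOT EXISTS asa_log (id INTEGER PRIMARY KEY,"
               " logged_at TEXT, severity INTEGER, msg_id TEXT, raw TEXT NOT NULL)")
    rows = []
    for line in lines:  # every line is stored, even when nothing could be parsed
        ts, tag = parse_time(line, default_year), TAG.search(line)
        rows.append((ts.isoformat() if ts else None,
                     int(tag.group(1)) if tag else None,
                     tag.group(2) if tag else None, line))
    # Bound parameters only: usernames and group names in the text are user-controlled.
    db.executemany("INSERT INTO asa_log (logged_at, severity, msg_id, raw)"
                   " VALUES (?, ?, ?, ?)", rows)
    return len(rows)

def demo():
    db = sqlite3.connect(":memory:")
    load(SAMPLE, db, 2006)
    return db.execute("SELECT logged_at, severity, msg_id, raw FROM asa_log ORDER BY id").fetchall()
```

Rows whose time or message tag cannot be parsed keep NULL in those columns, so the raw line is still searchable and can be re-parsed later.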