Cisco Log Analyzer
Routers and switches are the traffic directors for networks, and dynamically discover the best routes for data packets to travel. Router failures can disrupt communication by slowing down the packets. Firewalls and IDS/IPS devices provide network security by filtering and inspecting packets for malicious content. All these devices log traffic activity and other important security information. It is important to monitor and analyze the activity on these devices. Cisco network devices are among the most commonly used.
Advantages of Cisco network analysis
Analyzing your Cisco logs allows you to:
- Track all logons and discover any authentication errors.
- Ensure that the devices are always properly configured and monitor configuration changes.
- Examine all router and switch connections (including those denied) and identify the source and destination devices interacting with them the most.
- Break down details about traffic passing through devices based on protocol (e.g. TCP, UDP, and ICMP).
- Analyze port usage on your devices and learn when any are down.
- Examine all system events of concern and identify routers requiring attention.
- Discover traffic flow errors and note those occurring most frequently.
However, it's not easy to do all this on your own. With a Cisco syslog server like EventLog Analyzer, you can simplify your Cisco network monitoring and analysis.
Cisco network device management with EventLog Analyzer
EventLog Analyzer provides Cisco log management with the following features:
- Prepackaged reports detailing router and switch activity help you intuitively visualize your data in list, chart, and graph formats.
- Trend reports discover patterns in your data, while top N reports reveal the people and devices most frequently responsible for certain events.
- Easily switch from viewing reports to plain-text log information.
- Custom, real-time alerts eliminate the need for manual report surveillance.
- Powerful forensics allow you to easily find the logs you need.
This solution aids Cisco log monitoring in the following areas:
- Cisco router monitoring: Monitor Cisco router syslogs for information on logons, configuration changes, connection details, traffic details and system events.
- Cisco switch monitoring: Monitor switch activity such as traffic information and system events.
- Cisco firewall monitoring: Monitor firewall traffic, account changes, logons, threat information and more for Cisco ASA and Cisco PIX devices.
- Cisco VPN monitoring: Monitor remote VPN logons and VPN user information for Cisco ASA devices.
- Cisco IDS/IPS monitoring: Monitor attack information, identify frequently targeted devices, and more.
Router Logon Reports
- Audit all successful router logons.
- Obtain details on SSH and VPN logons.
- View all VPN authentication and authorization errors.
- View successful and failed logons categorized by device, user, and remote device.
- Identify patterns or anomalies by looking at logon trends.
Logons | Failed logons | Bad authentication | SSH logons | Failed SSH logons | Closed SSH sessions | Failed VPN logons | VPN authorization errors | Top logons based on device | Top logons based on user | Top logons based on remote device | Top failed logons based on device | Top failed logons based on user | Top failed logons based on remote device | Top VPN authentication errors based on interface | Top VPN authentication errors based on user | Top VPN authorization errors based on interface | Top VPN authorization errors based on user | Top SSH logons based on remote device | Top SSH logons based on user | Top failed SSH logons based on remote device | Top failed SSH logons based on user | Logon trends | Failed logon trends
Router Configuration Reports
- View details on all uplinks and downlinks.
- Track all configuration and link state changes.
- Identify all link errors, including a list of those occurring most frequently.
- View top configuration changes classified by user and remote device.
Reports on uplinks | Reports on downlinks | Reports on uplinks and downlinks | Link state changes | Configuration changes | System restarts | Link errors | Top state changes | Top configuration changes | Top configuration changes based on user | Top configuration changes based on remote device | Top link errors
Router Connection Reports
- View details on all connections accepted and denied by your routers.
- Connections are categorized by source, destination, and protocol.
- Trend reports are also available for all router connections.
Successful connection authorizations | Top connections based on source | Top connections based on destination | Top connections based on protocol | Successful connection authorization trends | Denied connections | Top denied connections based on source | Top denied connections based on destination | Top denied connections based on protocol | Denied connection trends
Router Traffic Report by Protocol
TCP traffic audit | UDP traffic audit | ICMP traffic audit | Traffic audit overview | Top TCP traffic audit based on source | Top UDP traffic audit based on source | Top ICMP traffic audit based on source | Top traffic audit based on source
Router and Switch System Events
- Track critical system events related to the router interfaces, fans, memory, clocks, ports, and power supply.
Commands executed | Interface up | Interface down due to link failure | Individual port down | Fan failed | Fan status ok | Report on power supply | Memory allocation failure | System clock updates | Report on power supply scheduled | System temperature exceeded | System shutdown due to temperature | Interface down suspended by speed
Router Traffic Errors
- Identify communication errors, such as those related to the transfer of data fragments or address resolution protocol (ARP) requests.
Too many fragments | Invalid fragment length | Overlapped fragments | DHCP snooping denied | Permitted ARP | Denied ARPs