Cisco Log Analyzer

Routers and switches are the traffic directors for networks, and dynamically discover the best routes for data packets to travel. Router failures can disrupt communication by slowing down the packets. Firewalls and IDS/IPS devices provide network security by filtering and inspecting packets for malicious content. All these devices log traffic activity and other important security information. It is important to monitor and analyze the activity on these devices. Cisco network devices are among the most commonly used.

Advantages of Cisco network analysis

Analyzing your Cisco logs allows you to:

  • Track all logons and discover any authentication errors.
  • Ensure that the devices are always properly configured and monitor configuration changes.
  • Examine all router and switch connections (including those denied) and identify the source and destination devices interacting with them the most.
  • Break down details about traffic passing through devices based on protocol (e.g. TCP, UDP, and ICMP).
  • Analyze port usage on your devices and learn when any are down.
  • Examine all system events of concern and identify routers requiring attention.
  • Discover traffic flow errors and note those occurring most frequently.

However, it's not easy to do all this on your own. With a Cisco syslog server like EventLog Analyzer, you can simplify your Cisco network monitoring and analysis.

Cisco network device management with EventLog Analyzer

EventLog Analyzer provides Cisco log management with the following features:

  • A set of prepackaged reports detailing router and switch activity helps you intuitively visualize your data in list, chart, and graph formats.
  • Trend reports discover patterns in your data, while top N reports reveal the people and devices most frequently responsible for certain events.
  • Easily switch from viewing reports to plain-text log information.
  • Custom, real-time alerts eliminate the need for manual report surveillance.
  • Powerful forensics allow you to easily find the logs you need.

This solution aids Cisco log monitoring in the following areas:

  • Cisco router monitoring: Monitor Cisco router syslogs for information on logons, configuration changes, connection details, traffic details and system events.
  • Cisco switch monitoring: Monitor switch activity such as traffic information and system events.
  • Cisco firewall monitoring: Monitor firewall traffic, account changes, logons, threat information and more for Cisco ASA and Cisco PIX devices.
  • Cisco VPN monitoring: Monitor remote VPN logons and VPN user information for Cisco ASA devices.
  • Cisco IDS/IPS monitoring: Monitor attack information and identify frequently targeted devices, and more.

Router Logon Reports

  • Audit all successful router logons.
  • Obtain details on SSH and VPN logons.
  • View all VPN authentication and authorization errors.
  • View successful and failed logons categorized by device, user, and remote device.
  • Identify patterns or anomalies by looking at logon trends.

Available Reports

Logons | Failed logons | Bad authentication | SSH logons | Failed SSH logons | Closed SSH sessions | Failed VPN logons | VPN authorization errors | Top logons based on device | Top logons based on user | Top logons based on remote device | Top failed logons based on device | Top failed logons based on user | Top failed logons based on remote device | Top VPN authentication errors based on interface | Top VPN authentication errors based on user | Top VPN authorization errors based on interface | Top VPN authorization errors based on user | Top SSH logons based on remote device | Top SSH logons based on user | Top failed SSH logons based on remote device | Top failed SSH logons based on user | Logon trends | Failed logon trends

Router Configuration Reports

  • View details on all uplinks and downlinks.
  • Track all configuration and link state changes.
  • Identify all link errors, including a list of those occurring most frequently.
  • View top configuration changes classified by user and remote device.

Available Reports

Reports on uplinks | Reports on downlinks | Reports on uplinks and downlinks | Link state changes | Configuration changes | System restarts | Link errors | Top state changes | Top configuration changes | Top configuration changes based on user | Top configuration changes based on remote device | Top link errors

Router Connection Reports

  • View details on all connections accepted and denied by your routers.
  • These are categorized by source, destination, and protocol.
  • Trend reports are also available for all router connections.

Available Reports

Successful connection authorizations | Top connections based on source | Top connections based on destination | Top connections based on protocol | Successful connection authorization trends | Denied connections | Top denied connections based on source | Top denied connections based on destination | Top denied connections based on protocol | Denied connection trends

Router Traffic Report by Protocol

Available Reports

TCP traffic audit | UDP traffic audit | ICMP traffic audit | Traffic audit overview | Top TCP traffic audit based on source | Top UDP traffic audit based on source | Top ICMP traffic audit based on source | Top traffic audit based on source

Router and Switch System Events

  • Track critical system events related to the router interfaces, fans, memory, clocks, ports, and power supply.

Available Reports

Commands executed | Interface up | Interface down due to link failure | Individual port down | Fan failed | Fan status ok | Report on power supply | Memory allocation failure | System clock updates | Report on power supply scheduled | System temperature exceeded | System shutdown due to temperature | Interface down suspended by speed

Router Traffic Errors

  • Identify communication errors, such as those related to the transfer of data fragments or address resolution protocol (ARP) requests.

Available Reports

Too many fragments | Invalid fragment length | Overlapped fragments | DHCP snooping denied | Permitted ARP | Denied ARPs

 
Customer Speaks
  • Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
     
    Benjamin Shumaker
    Vice President of IT / ISO
    Credit Union of Denver
  • The best thing I like about the application is the well-structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
     
    Joseph Graziano, MCSE CCA VCP
    Senior Network Engineer
    Citadel
  • EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spend on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
     
    Joseph E. Veretto
    Operations Review Specialist
    Office of Information System
    Florida Department of Transportation
  • I love the alerts feature of the product. We are able to send immediate alerts based on pretty much anything we can think of. We send alerts when certain accounts login, or when groups are changed, etc. That has been very helpful. Also the automatic archive of the log files has been very helpful and has taken the worry out of keeping old logs. The “Ask Me” function is very nice as well. It is great to have some natural language queries built in where you can just click a button and get an answer.
     
    Jim Earnshaw
    Senior Computer Specialist
    Department of Chemistry
    University of Washington
  • Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
     
    Jim Lloyd
    Information Systems Manager
    First Mountain Bank
