‘PLA – PIX Logging Architecture’
‘The PIX Logging Architecture [PLA] is a free and open-source project allowing for correlation of Cisco PIX Firewall Traffic and IDS Logs.
PIX Log message parsing is performed through the use of the PLA parsing module or PLA Msyslogd module. Centralization of the logs is provided using a MySQL database, supported by a Web-based frontend for Log Viewing, Searching, and Event Management. PIX Logging Architecture is completely coded in the Perl programming language, and uses various Perl modules including Perl::DBI and Perl::CGI.
The PIX Logging Architecture parsing module, which is responsible for extracting the necessary fields from the PIX system log messages, gather information including, but not limited to, Translations (Xlate’s), Informative Log Messages (i.e. PIX Failover, PIX VPN Establishment, PIX Interface Up/Down, PIX PPPoE VPDN establishment and the like). All the parsing information needed by the PLA Parsing Daemon (pla_parsed) in order to extract data from the logs is stored in the database, allowing for easy updates of the supported log messages without having to replace the parsing scripts.
The PLA Parsing Daemon runs as a daemonized Perl process in the background and reads straight and in quasi real-time from the system log files, so no more need to create crontab jobs like before and having to restart syslogd all the time.
With the PIX Logging Architecture v2.00 version comes the ability to perform parse-time filtering. Parse-time filtering allows you to use the PLA web interface to define traffic which you do not wish you log (i.e. between specific IP pairs and ports, on specific protocols, on specific firewalls). The PLA Parse Daemon (pla_parsed) then checks the incoming firewall logs and will exclude any traffic which matches the parse-time filters. Using these parse filters allows to keep tabs on the database size and prevents you from having to log all data.’