CSLI: the centralized logging facility and security event correlation for Cisco and Juniper devices

Get the right tracks...

Features

  • Collecting, de-duplicating, parsing and managing logs from Cisco and Juniper security devices
  • Normalizing and analyzing security device logs
  • Embedded GeoIP, WhoIs, host lookup and service resolution functionality
  • Searching security events based on a number of criteria
  • Alerting on critical events
  • Security events report builder
  • VPN usage and traffic consumption statistics
  • Ready-to-go VMware appliance

What is it?

CSLI is the open source Centralized Security Logging Infrastructure, which provides a centralized logging facility and security event correlation for Cisco (ASA and ISR) and Juniper (SRX) devices. The CSLI project was launched in April 2011 by Comrade.Polar.Bear.

How does it work?

The primary goal of the CSLI design is to analyze past syslog data as well as to track the current security posture and present security threats and attacks visually.

In the diagram below the CSLI infrastructure is shown.

[Diagram: CSLI infrastructure]

CSLI keeps two log stores for redundancy, audit and compliance purposes:
  • Non-modified raw syslog files
  • De-duplicated, parsed and pre-analyzed logs in the MySQL database
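
The two-store design above, sketched as an added example that is not CSLI's own code: every received line is kept verbatim, while only distinct, parsed events reach the database. It assumes SQLite in place of MySQL; the schema, the `ingest` and `demo` names and the ASA-style sample lines are constructed for illustration.

```python
import hashlib
import re
import sqlite3

# Constructed ASA-style sample lines (not real traffic); the third is a retransmitted duplicate.
SAMPLE = [
    '<164>Apr 12 2011 10:15:01 fw1 : %ASA-4-106023: Deny tcp src outside:203.0.113.5/4431 dst inside:192.0.2.10/22 by access-group "outside_in" [0x0, 0x0]',
    '<166>Apr 12 2011 10:15:02 fw1 : %ASA-6-302013: Built inbound TCP connection 7 for outside:198.51.100.7/5000 (198.51.100.7/5000) to inside:192.0.2.10/443 (192.0.2.10/443)',
    '<164>Apr 12 2011 10:15:01 fw1 : %ASA-4-106023: Deny tcp src outside:203.0.113.5/4431 dst inside:192.0.2.10/22 by access-group "outside_in" [0x0, 0x0]',
]

# Syslog PRI, timestamp, device hostname, then the %ASA-<severity>-<message id> tag.
HEADER = re.compile(r'^<\d+>(?P<ts>\w{3} +\d+ \d{4} [\d:]{8}) (?P<host>\S+) : '
                    r'%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$')
# Source and destination of an ACL deny (message 106023).
DENY = re.compile(r'Deny (?P<proto>\S+) src \S+?:(?P<src>[\d.]+)/(?P<sport>\d+) '
                  r'dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)')

def ingest(lines, raw_store, db):
    """Keep every line verbatim in raw_store; insert each distinct event once into db."""
    db.execute('CREATE TABLE IF NOT EXISTS events (digest TEXT PRIMARY KEY, ts TEXT, '
               'host TEXT, sev INTEGER, msgid TEXT, src TEXT, dst TEXT, dport INTEGER)')
    stored = 0
    for line in lines:
        raw_store.append(line)                  # store 1: unmodified raw log
        m = HEADER.match(line)
        if not m:
            continue                            # unparsed lines survive only in the raw store
        d = DENY.search(m['body'])
        digest = hashlib.sha256(line.encode()).hexdigest()  # identical lines collide here
        cur = db.execute('INSERT OR IGNORE INTO events VALUES (?,?,?,?,?,?,?,?)',
                         (digest, m['ts'], m['host'], int(m['sev']), m['msgid'],
                          d['src'] if d else None, d['dst'] if d else None,
                          int(d['dport']) if d else None))
        stored += cur.rowcount                  # 0 when the digest already exists
    db.commit()
    return stored

def demo():
    raw, db = [], sqlite3.connect(':memory:')
    stored = ingest(SAMPLE, raw, db)
    denies = db.execute("SELECT src, dst, dport FROM events WHERE msgid='106023'").fetchall()
    return len(raw), stored, denies

if __name__ == '__main__':
    print(demo())
```

Because the raw store is never filtered, a parser gap or an over-eager de-duplication rule can be corrected later by replaying the raw lines.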

For more information, read the CSLI User Guide.