EventId.Net - Firewalls
 

CONFIGURING ODBC FOR FIREGEN FOR PIX LOG ANALYZER

     
 

 

 

This page explains how to set up the Kiwi Syslog server to generate logs compatible with FireGen for Pix Log Analyzer and save them in an ODBC-compliant database (requires FireGen analysis engine 2.852 or higher):
 

1. Create a new database and assign a user ID and password with db owner rights to the database. Once the setup is completed, you can set the rights to read-only (the Kiwi Syslog server needs the right to create a new table during the setup).

   

2. On the computer where FireGen is going to be installed, configure a System DSN using the Data Sources (ODBC) applet from Administrative Tools. Point the DSN to the database created at 1.

   

3. Download the Kiwi Syslog server from Kiwi Enterprises. Kiwi is currently (Oct 2006) available as freeware as well as a registered version (with some advanced features like logging to a database or compressing the logs for archiving purposes). To use the Log to ODBC database feature, you need the registered version.

 

 

4. Install the Kiwi Syslog server software. This will create a Kiwi Syslog Daemon on the desktop.

   

5. Open the Kiwi Syslog Daemon application. You will get to a screen that looks like this:

 

 

6. From the File menu, select Setup (or Properties for older versions of Kiwi) to get to the Setup screen:

 

 

7. In the left panel, select Custom DB formats, right-click and choose Add new custom DB format. In the right panel, select the corresponding database type (SQL database in this example) and check the field names as shown below:

   

8. In the left panel, select Actions, right-click and choose Add action. In the right panel, select the Log to ODBC database action type (optionally, right-click on New Action and rename it to something more relevant):

 

 

9. In the ODBC DSN connect string, click on Browse to select the DSN created for Kiwi.

Enter the name for the table that will contain the messages from Kiwi (e.g. KiwiSyslogd), and in the Database type/field format select the format created at 7. Click on Create table to create the new table using the custom format. Verify that the UID and PWD have the right information.

 

 

10. Click on Apply and then on Test to have Kiwi write a sample log entry in the newly created table. Click on Query table to verify that a test entry has been written in the new table.

 

 

11. Before trying to analyze the logs with FireGen, make sure there are entries from the Cisco Pix firewall in the newly created database. If you have a fairly active firewall, there should be entries there in a matter of seconds. If the Cisco Pix firewall is not configured to log to the syslog server, follow the steps described in FAQ No. 12. For ODBC there is no need to add a Pix timestamp, as FireGen will use the one generated by Kiwi.

 

 

12. To configure FireGen to analyze the new logs, use the instructions provided in FAQ No. 1. As the Sample log for the Log Host Profile, enter a random file, as this setting is not used by FireGen when it is getting the log entries from an ODBC interface.

   

13. Open the registry editor (regsvr32) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\AltairTech\FireGenPix2\Logs\odbc_profile

where odbc_profile is the profile created at point 12.

Add the following string values:

KiwiDSN - set it to match the ODBC DSN created above
KiwiTable - set it to match the table used by Kiwi (see point 9 above)
ODBCUser - set it to match the user name configured at point 1
ODBCPw - set it to match the password for the user configured at point 1
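
The registry step above can also be scripted. The PowerShell below is an added example, not part of the original page or of FireGen: it checks that the DSN exists, writes the four string values, and lists who can read the key, since ODBCPw is stored as an ordinary string value. The profile and DSN names are hypothetical placeholders.

```powershell
# Added example. Names marked "hypothetical" are placeholders, not values from the page.
$profileName = 'odbc_profile'   # hypothetical: the profile created at point 12
$dsnName     = 'KiwiSyslog'     # hypothetical: the System DSN from point 2
$tableName   = 'KiwiSyslogd'    # table name entered at point 9

$keyPath = "HKLM:\SOFTWARE\AltairTech\FireGenPix2\Logs\$profileName"
if (-not (Test-Path $keyPath)) {
    throw "Profile key not found: $keyPath (create the profile first, point 12)"
}

# Check that the DSN is registered as a System DSN in this registry view.
$dsnList    = 'HKLM:\SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources'
$systemDsns = (Get-Item $dsnList -ErrorAction SilentlyContinue).Property
if ($systemDsns -notcontains $dsnName) {
    throw "System DSN '$dsnName' not found under $dsnList"
}

# Prompt for the database account from point 1 so the password is not typed
# into the script or left in shell history.
$cred = (Get-Credential -Message 'Database user from point 1').GetNetworkCredential()

$values = [ordered]@{
    KiwiDSN   = $dsnName
    KiwiTable = $tableName
    ODBCUser  = $cred.UserName
    ODBCPw    = $cred.Password   # written as an ordinary string value
}
foreach ($name in $values.Keys) {
    New-ItemProperty -Path $keyPath -Name $name -Value $values[$name] `
        -PropertyType String -Force | Out-Null
}

# ODBCPw is readable by every principal with read access to the key: list them.
(Get-Acl $keyPath).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' } |
    Select-Object IdentityReference, RegistryRights, IsInherited |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session. On 64-bit Windows a 32-bit application reads the WOW6432Node view of HKLM\SOFTWARE, so use a session of the same bitness as the FireGen install.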

   

 

 
 


 

 

 

 

EventID.Net © 2001-2008 Altair Technologies Ltd., All rights reserved