Kinda off topic, but was wondering what people use for real time monitoring of PIX logs. Checkpoint had a GUI which allowed one to filter on ip address,protocol etc.. and display results in real time. I am looking for the same for the pix. We are logging to a syslog server, and was wondering if we should just write custom scripts? Cisco does offer the Netforensics SIM, but this is quite pricy. (though im still pushing for it :xmas: )

I think you're going to have a hard time trying to replicate the type of logging and reporting that Check Point will do out of the box with the PIX. Admittedly I haven't used a PIX in years and years, but I know of quite a few shops that pay the premium for CP just to have the logging and reporting. Of course if you do find the magic bullet, I would be very interested... :)