Cisco ASA Syslog Linechart

Most tools/charts only display the total amount of particular IDs (the most common is a pie chart).
This is difficult when you want to know the behavior of such IDs over time. So I came up with this :D

I've created a small set of scripts that take the Top-Syslog-IDs from Cisco ASA logs and plot them as a line chart.

The "Top-Syslog-IDs" are the IDs with the most entries in the logs in the last N minutes.

This particular graphic shows the top 15 syslog IDs in the last 30 minutes.

Tools: bash, sqlite3 (for storing time + ids), Gnuplot
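
A sketch of the counting step described above, added here as an example and not the author's scripts: it pulls the `%ASA-level-ID` tag from each line, picks the top N IDs, and emits one row per minute that Gnuplot can read as columns. It uses awk instead of sqlite3 to stay self-contained; the function names and sample lines are constructed, and the input is assumed to be already limited to the last N minutes of a single day.

```bash
#!/usr/bin/env bash

# Constructed sample lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Mar 10 12:00:05 fw1 %ASA-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/443
Mar 10 12:00:09 fw1 %ASA-6-302014: Teardown TCP connection 98 for outside:198.51.100.7/443
Mar 10 12:00:30 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.9/4431 dst inside:10.0.0.5/22
Mar 10 12:00:41 fw1 %ASA-6-302013: Built outbound TCP connection 102 for outside:198.51.100.8/80
Mar 10 12:01:02 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.9/4432 dst inside:10.0.0.5/23
Mar 10 12:01:10 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.9/4433 dst inside:10.0.0.5/25
Mar 10 12:01:15 fw1 %ASA-6-302013: Built outbound TCP connection 103 for outside:198.51.100.7/443
Mar 10 12:01:20 fw1 sshd[211]: line without an ASA tag, must be ignored
Mar 10 12:01:40 fw1 %ASA-6-305011: Built dynamic TCP translation from inside:10.0.0.5/51002
Mar 10 12:02:03 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.9/4434 dst inside:10.0.0.5/80
Mar 10 12:02:20 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.9/4435 dst inside:10.0.0.5/443
Mar 10 12:02:45 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.9/4436 dst inside:10.0.0.5/3389
Mar 10 12:02:50 fw1 %ASA-6-302014: Teardown TCP connection 101 for outside:198.51.100.7/443
EOF
}

# Emit "HH:MM id" per ASA message; lines without an %ASA tag are dropped.
extract_ids() {
  sed -nE 's/^[A-Za-z]{3} +[0-9]+ ([0-9]{2}:[0-9]{2}):[0-9]{2} .*%ASA-[0-9]-([0-9]+):.*/\1 \2/p'
}

# Read "HH:MM id" pairs; print the N most frequent IDs, busiest first.
top_ids() {
  awk 'NF == 2 { c[$2]++ } END { for (i in c) print c[i], i }' |
    sort -k1,1nr -k2,2n | head -n "$1" | cut -d' ' -f2
}

# Header row, then one row per minute: "HH:MM count_id1 count_id2 ...".
series() {
  pairs=$(extract_ids)
  ids=$(printf '%s\n' "$pairs" | top_ids "$1" | tr '\n' ' ')
  printf 'time %s\n' "${ids% }"
  printf '%s\n' "$pairs" | awk -v ids="$ids" '
    BEGIN { k = split(ids, col, " ") }
    NF == 2 { c[$1, $2]++; seen[$1] = 1 }
    END { for (m in seen) { line = m
            for (j = 1; j <= k; j++) line = line " " (c[m, col[j]] + 0)
            print line } }' | sort
}
# Usage: series 15 < asa-last-30min.log > ids.dat
```

A minute in which a top ID does not appear is written as 0 rather than skipped, so each line in the chart drops to zero instead of being interpolated across the gap.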

Looks good! I had to Google to find out what those top Syslog-IDs meant and found this site http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html

The log IDs that I Googled for all came up as "Recommended Action None required." It could be interesting if you parsed that page and showed only the top IDs that Cisco believes do require an action.