Eventia (R70) Log Parsing Editor

[gregrack]

Has anyone out there used the Eventia Log Parsing Editor with R70? I understand it is suppose to help CP (Eventia/Tracker(?)) better understand syslogs sent to it. Rather than re-invent the wheel, I had hoped to find a standard PRS file somewhere online with the basic Cisco, etc, syslogs defined already. I'm actually surprised by how few of the syslogs match by default...

Has anyone used this tool?

[chillyjim]

From my experience it is being mostly used to process CP logs.
With the new pricing structure (Match EVA to the size of the SmartCenter), processing other devices is a lot more economical. Hopefully that will spur more syslog usage & development.

Maybe Barry could set up a section where we could publish PRS files that we want to share.

[BarryStiefel]

Quote:

Originally Posted by chillyjim

From my experience it is being mostly used to process CP logs.
With the new pricing structure (Match EVA to the size of the SmartCenter), processing other devices is a lot more economical. Hopefully that will spur more syslog usage & development.

Maybe Barry could set up a section where we could publish PRS files that we want to share.

Start off by posting them in this thread; if we need to, we'll move them all to a new thread.

[RayPesek]

Quote:

Originally Posted by chillyjim

With the new pricing structure (Match EVA to the size of the SmartCenter), processing other devices is a lot more economical.

The new pricing structure where only CP firewalls need a licenses, rather than having to license everything sending to Eventia, has me baffled regarding the size of the SmartCenter.

We've got an unlimited SmartCenter on R65 and will go to an unlimited on blades as well. But we've got less than ten firewalls. If we license EVA to the unlimited SmartCenter, it costs me $32,000. But if I buy an extra "little" SmartCenter license, I can have EVA/ER for $8,000 + the $4,000 SmartCenter license.

Sure seems stupid to me. Just count the number of firewalls I have and don't make me play these dumb games.

Ray

[PhoneBoy]

You can have an unlimited SmartCenter, but have an Eventia license for less than unlimited gateways. What matters as far as Eventia is concerned is the ACTUAL number of gateways you manage. So no, you don't need to buy an unlimited Eventia license. :)

[Thorpuse]

Quote:

Originally Posted by RayPesek

Sure seems stupid to me. Just count the number of firewalls I have and don't make me play these dumb games.

This is one of those classic cases where for some customers, the pricing changes dramatically in their favour, and for others, it goes the other way. Personally, I prefer the tying to management size, because working out device counts per device with the old system beame really expensive, really quickly once you added non-CP devices to the mix. This is one of the few cases where SW blades actually can bring an ecomonic benefit to a customer compared to the old pricelist.