Security Basics mailing list archives
Subject: Keeping Firewall Logs
From: Bourque Daniel <Daniel.Bourque () loto-quebec com>
Date: Wed, 16 Apr 2003 13:34:57 -0400
Look for kiwi syslog server on w2k and NT system

--------------------------
Daniel Bourque
BlackBerry

-----Original Message-----
From: Mark Ng <aliasklap () markng co uk>
To: Naman Latif <naman.latif () inamed com>
CC: security-basics () securityfocus com <security-basics () securityfocus com>
Sent: Wed Apr 16 12:55:37 2003
Subject: Re: Keeping Firewall Logs

On Tuesday 15 April 2003 12:21 am, Naman Latif wrote:
> Hi,
>
> We have a PIX firewall, which logs all the "Permits" and "Denys". We are developing a policy regarding "how long these log files should be kept". Does anyone have any tips regarding this? And how have they implemented it in their network?
I've had an amount of success with a standard syslog server running on hardened *BSD hosts (any *nix will do, and I believe that you can get syslog servers for NT too).

My general rule is to keep files up to three months - this can cause significant load on disk space though depending on how busy your firewalls are - this is easy to implement with cron scripts looking for files older than a certain amount of time and removing them.

Regards,

Mark Ng
Director, Information Intelligence Ltd.
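
The retention job described in the message above (a cron script that removes log files older than a set age), as an added example that is not part of the original thread. The directory `/var/log/pix`, the `*.log*` file naming, the script path and the reading of "three months" as 90 days are assumptions.

```shell
#!/bin/sh
# Added example: prune syslog-collected firewall logs past a retention window.
# Assumptions (not from the thread): logs are rotated into one directory as
# files named *.log*, and "three months" is taken as 90 days.
# Uses -maxdepth and -delete, which GNU and BSD find support (not strict POSIX).

# prune_fw_logs DIR DAYS [--dry-run]
# Prints each file past retention; deletes it unless --dry-run is given.
# Returns 2 without touching anything if the arguments look unsafe.
prune_fw_logs() {
    dir=$1
    days=$2
    mode=${3:-}

    # Refuse empty, root or missing paths so a bad variable cannot wipe a host.
    case "$dir" in
        ''|/) echo "prune_fw_logs: refusing directory '$dir'" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "prune_fw_logs: no such directory: $dir" >&2; return 2; }

    # Retention must be a positive whole number of days.
    case "$days" in
        ''|*[!0-9]*|0) echo "prune_fw_logs: bad retention '$days'" >&2; return 2 ;;
    esac

    # -maxdepth 1 / -type f: only regular files directly in DIR, so symlinks
    # and subdirectories are never followed or removed.
    # -mtime +N matches files last modified more than N whole days ago.
    if [ "$mode" = "--dry-run" ]; then
        find "$dir" -maxdepth 1 -type f -name '*.log*' -mtime +"$days" -print
    else
        find "$dir" -maxdepth 1 -type f -name '*.log*' -mtime +"$days" -print -delete
    fi
}

# Example crontab entry (daily at 03:15), assuming this file is installed as
# /usr/local/sbin/prune_fw_logs.sh with the call below uncommented:
#   15 3 * * * /usr/local/sbin/prune_fw_logs.sh
# prune_fw_logs /var/log/pix 90
```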