Security Basics mailing list archives
Re: Tools to Analyse Logs in Checkpoint NG
From: "yannick'san" <yannicksan () free fr>
Date: Wed, 21 May 2003 21:10:02 +0200
Is it only for checking security events in FW1 logs? Or will you later integrate the logs from other equipment (router, switch logs, ...)?

I say that because if you take an analysis console which is completely written for dealing with FW1 logs, OK, this time you won't have to write your own script... but later, when you check for security incidents in other equipment, you will have different grammars and you will have to write your own scripts... unless you use a second (or a third) analysis console.

All my logs were concentrated on a SYSLOG server. I wrote some scripts in Perl to look for security events. Then I inserted the results into the ACID database (Analysis Console for Intrusion Detection).

As far as I can remember, there are a limited number of "key words" used in FW1, so I rarely had to change the grammars...

Sorry, I used my own scripts.

Yannick

----- Original Message -----
From: "E P" <enda.purcell () cw com>
To: <security-basics () securityfocus com>
Sent: Wednesday, May 21, 2003 3:29 PM
Subject: Tools to Analyse Logs in Checkpoint NG

Hi all,

I am wondering if anybody has or has come across any scripting tools or a good freeware package that can be used to analyse Checkpoint NG Firewall log files. I'm faced with the task that I have several firewalls that I wish to produce reports on things like attack info from SmartDefense, attacks, usage, top talkers and all that fancy stuff. Hopefully someone may have come across something that could be used or easily modified to perform this, rather than having to write my own scripts. I have looked in brief at WebTrends and I don't feel that it is granular enough for what I want.

Thanks
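The approach described in the reply above (one small grammar per log source, all fed from a central syslog stream into a common event record), as an added example that is not part of the thread and is written in Python rather than the Perl the poster used. The log layouts, hostnames, addresses and field names are constructed assumptions; the database insert step is left out.

```python
import re

# Constructed sample lines: the "fw:" key=value layout, hostnames and addresses
# are assumptions for illustration, not formats quoted from the thread.
SAMPLE = [
    "May 21 21:10:02 fw1 fw: drop src=10.1.1.5 dst=192.0.2.10 proto=tcp service=23 rule=12",
    "May 21 21:10:03 fw1 fw: accept src=10.1.1.7 dst=192.0.2.10 proto=tcp service=80 rule=3",
    "May 21 21:10:04 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(4431) -> 192.0.2.10(23), 1 packet",
    "May 21 21:10:05 sw1 %LINK-3-UPDOWN: Interface Fa0/1, changed state to down",
]

SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<msg>.*)$")

# One grammar per log source; supporting a new device means adding an entry here.
GRAMMARS = [
    ("fw1", re.compile(r"^fw: (?P<action>drop|reject|accept) (?P<kv>.*)$")),
    ("router-acl", re.compile(
        r"^%SEC-6-IPACCESSLOGP: list \S+ (?P<action>denied|permitted) (?P<proto>\w+) "
        r"(?P<src>[\d.]+)\(\d+\) -> (?P<dst>[\d.]+)\((?P<service>\d+)\)")),
]
ALERT_ACTIONS = {"drop", "reject", "denied"}   # the small keyword set that marks an event
FIELDS = ("action", "proto", "src", "dst", "service")

def normalize(line):
    """Map one syslog line to a common event dict, or None if no grammar matches."""
    m = SYSLOG.match(line)
    if not m:
        return None
    for name, rx in GRAMMARS:
        g = rx.match(m["msg"])
        if g:
            fields = g.groupdict()
            kv = fields.pop("kv", None) or ""   # expand a key=value tail, if captured
            fields.update(p.split("=", 1) for p in kv.split() if "=" in p)
            event = {"ts": m["ts"], "host": m["host"], "grammar": name}
            event.update((k, fields.get(k)) for k in FIELDS)
            return event
    return None

def triage(lines):
    """Return (alerts, unmatched): blocked-traffic events, and lines no grammar knows."""
    alerts, unmatched = [], []
    for line in lines:
        event = normalize(line)
        if event is None:
            unmatched.append(line)      # surfaced, not dropped: a grammar may be missing
        elif event["action"] in ALERT_ACTIONS:
            alerts.append(event)
    return alerts, unmatched
```

Reviewing the `unmatched` list is what shows when a newly added device needs its own grammar.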