Security Basics mailing list archives

Re: Tools to Analyse Logs in Checkpoint NG


From: "yannick'san" <yannicksan () free fr>
Date: Wed, 21 May 2003 21:10:02 +0200

Is it only for checking security events in FW1 logs?
Or will you integrate, later, the logs from other equipment? (router,
switch logs, ...)
I say that because if you take an analysis console which is completely written
for dealing with FW1 logs, OK, this time you won't have to write your own
script... but later, when you check for security incidents in other
equipment, you will have different grammars and you will have to write your
own scripts.... unless you use a second (or a third) analysis console.
All my logs were concentrated into a SYSLOG server. I wrote some scripts in Perl
to look for security events. Then I inserted the results into the ACID
database (Analysis Console for Intrusion Detection). As far as I can
remember, there are a limited number of "key words" used in FW1, so I
rarely had to change the grammars...
Sorry, I used my own scripts.

Yannick
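As an added illustration of the approach described above (central syslog, a script that picks security events out of FW1 records by key word, results fed to a reporting database), here is an example that is not code from this thread; it is written in Python rather than the Perl the author used. The key=value record layout, the field names (action, src, dst, service, rule, attack) and the sample lines are constructed for the example, not a verified FW-1 export format, so a real parser would adapt the two regular expressions to the actual export. It also produces the top-talker and attack counts the original question asks for.

```python
"""
Parse constructed Check Point FW-1-style syslog lines, pick out security
events by key word, and summarise them (top talkers, blocked sources,
attack names).  The key=value layout is an ASSUMPTION made for this
example, not a verified FW-1 export format.
"""
import re
from collections import Counter

# Constructed sample lines, modelled on a syslog-forwarded key=value export.
# The last line stands in for the other sources a syslog server collects.
SAMPLE_LOG = """\
May 21 14:02:11 fw1 FW-1: action=accept src=10.1.1.5 dst=192.0.2.10 proto=tcp service=80 rule=7
May 21 14:02:12 fw1 FW-1: action=drop src=198.51.100.23 dst=192.0.2.10 proto=tcp service=23 rule=0
May 21 14:02:13 fw1 FW-1: action=drop src=198.51.100.23 dst=192.0.2.11 proto=tcp service=23 rule=0
May 21 14:02:14 fw1 FW-1: action=accept src=10.1.1.7 dst=192.0.2.10 proto=udp service=53 rule=3
May 21 14:02:15 fw1 FW-1: action=drop src=203.0.113.9 dst=192.0.2.10 proto=tcp service=445 rule=12 attack="Port Scan"
May 21 14:02:16 fw1 FW-1: action=reject src=203.0.113.9 dst=192.0.2.10 proto=tcp service=139 rule=12 attack="Port Scan"
May 21 14:02:17 fw1 FW-1: action=drop src=198.51.100.23 dst=192.0.2.12 proto=tcp service=23 rule=0
this line is not a firewall record and must be skipped
"""

# The small set of "key words" that marks a record as a security event.
SECURITY_ACTIONS = {"drop", "reject"}

# syslog header followed by the assumed "FW-1:" tag and a key=value body
HEADER_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) FW-1: (?P<body>.*)$"
)
# key=value, where the value is either a quoted string or a bare token
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line):
    """Return a dict of fields for one record, or None if it is not a FW-1 record."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    fields = {"ts": m.group("ts"), "host": m.group("host")}
    for key, raw, quoted in KV_RE.findall(m.group("body")):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def parse_log(text):
    """Parse every line, skipping lines from other syslog sources."""
    records = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            records.append(rec)
    return records


def security_events(records):
    """Records worth loading into an incident database: drops, rejects, tagged attacks."""
    return [r for r in records if r.get("action") in SECURITY_ACTIONS or "attack" in r]


def top_talkers(records, n=3):
    """Most frequent source addresses across all traffic (usage reporting)."""
    return Counter(r["src"] for r in records if "src" in r).most_common(n)


def attack_summary(records):
    """Count of attack names reported by the firewall's attack detection."""
    return Counter(r["attack"] for r in records if "attack" in r)


def blocked_sources(records):
    """Security events per source address (who is being dropped or rejected)."""
    return Counter(r["src"] for r in security_events(records) if "src" in r)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} records, {len(security_events(recs))} security events")
    print("top talkers:", top_talkers(recs))
    print("attacks:", dict(attack_summary(recs)))
    print("blocked sources:", dict(blocked_sources(recs)))
```

Because only `parse_line` knows the record layout, pointing the script at a different device means replacing the two regular expressions and the key-word set; the reporting functions stay the same, which is the "different grammars" problem from the message reduced to one parsing function per source.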

----- Original Message ----- 
From: "E P" <enda.purcell () cw com>
To: <security-basics () securityfocus com>
Sent: Wednesday, May 21, 2003 3:29 PM
Subject: Tools to Analyse Logs in Checkpoint NG
Hi all,

I am wondering if anybody has come across any scripting tools
or a good freeware package that can be used to analyse Checkpoint NG
Firewall log files. I'm faced with the task that I have several firewalls
that I wish to produce reports on, for things like attack info from
SmartDefense, attacks, usage, top talkers and all that fancy stuff. Hopefully
someone may have come across something that could be used or easily
modified to perform this rather than having to write my own scripts. I have
looked in brief at WebTrends and I don't feel that it is granular
enough for what I want.

thanks

---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point,
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities--
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------
