Security Basics mailing list archives
Re: Firewall Logging question?
From: "Gleb Paharenko" <gpaharenko () gmail com>
Date: Tue, 20 May 2008 21:27:28 +0300
Hi.
> Is it really necessary? Are just the "deny" logs critical? Say disk space is not in abundance.

It depends on your policy. From my past experience it is very useful when you're performing incident investigation. You should probably react to suspicious 'deny' alarms, as they can be caused by network compromise attempts.

2008/5/20 Albert R. Campa <abcampa () gmail com>:
> Hi, I am wondering what your opinion is on Firewall logging for "Accept/Permit/Allow" rules?
> Is it really necessary? Are just the "deny" logs critical? Say disk space is not in abundance.
> Should you not log "accept/permit/allow" firewall rules, or log everything and have your retention reduced?
> What are advantages to logging "accept/permit/allow" rules in a firewall?
> Thanks in advance.
> Albert

--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com