Security Basics mailing list archives

Re: Firewall Logging question?

From: "Gleb Paharenko" <gpaharenko () gmail com>
Date: Tue, 20 May 2008 21:27:28 +0300

Hi.

Is it really necessary? Are just the "deny" logs critical?
Say disk space is not in abundance.


It depends on your policy. From my past experience it is very useful
when you're performing
incident investigation. You should probably react on suspicious 'deny'
alarms as it can be caused by
network compromise attempts.

2008/5/20 Albert R. Campa <abcampa () gmail com>:

Hi,

I am wondering what your opinion is on Firewall logging for
"Accept/Permit/Allow" rules?

Is it really necessary? Are just the "deny" logs critical?
Say disk space is not in abundance.

Should you not log "accept/permit/allow" firewall rules, or log
everything and have your retention reduced?

What are advantages to logging "accept/permit/allow" rules in a firewall?

Thank in advance.

Albert




-- 
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com

Current thread:

Firewall Logging question? Albert R. Campa (May 20)
- RE: Firewall Logging question? Dan Lynch (May 20)
- Re: Firewall Logging question? Gleb Paharenko (May 20)
- RE: Firewall Logging question? Rivest, Philippe (May 20)
- Re: Firewall Logging question? Jason (May 20)
- <Possible follow-ups>
- Re: Firewall Logging question? Kenton Smith (May 20)