Firewall Wizards mailing list archives

Re: log interpretation


From: Robert Graham <robert_david_graham () yahoo com>
Date: Wed, 22 Dec 1999 15:48:45 -0800 (PST)

It highly depends upon whose product's logs you want to interpret.

I assume you mean firewall logs. Again, the exact details depend upon whose
logs.

One of the biggest issues in interpretation is figuring out what the port
numbers, IP addresses, and so forth mean in firewall logs. I've been
maintaining a FAQ about this. It is at:

http://www.robertgraham.com/pubs/firewall-seen.html

Rob.

--- "Kertesz, Imre" <ikertesz () ASEC-MD2 COM> wrote:
Can anyone out there recommend a good resource, tutorial, etc. for log
interpretation?  My question stems from the occasional necessity of human
insight where an automated (AI or other mechanism) log reviewer may not be
able to distinguish bad traffic from good. 

Thanks - IK 


Imre Kertesz III, CISSP
Senior Consultant
Booz-Allen & Hamilton




=====
Robert Graham
"Anxiously awaiting the millennium so I can start programming
dates with 2-digits again."


