Firewall Wizards mailing list archives
Re: log interpretation
From: Robert Graham <robert_david_graham () yahoo com>
Date: Wed, 22 Dec 1999 15:48:45 -0800 (PST)
It highly depends upon whose product's logs you want to interpret. I assume you mean firewall logs. Again, the exact details depend upon whose logs.

One of the biggest issues in interpretation is figuring out what the port numbers, IP addresses, and so forth mean in firewall logs. I've been maintaining a FAQ about this. It is at:
http://www.robertgraham.com/pubs/firewall-seen.html

Rob.

--- "Kertesz, Imre" <ikertesz () ASEC-MD2 COM> wrote:
> Can anyone out there recommend a good resource, tutorial, etc. for log interpretation? My question stems from the occasional necessity of human insight where an automated (AI or other mechanism) log reviewer may not be able to distinguish bad traffic from good.
>
> Thanks - IK
>
> Imre Kertesz III, CISSP
> Senior Consultant
> Booz-Allen & Hamilton
=====
Robert Graham
"Anxiously awaiting the millennium so I can start programming dates with 2-digits again."