Firewall Wizards mailing list archives

RE: WebTrends Alternative


From: "Matt McClung" <mmcclung () ndwcorp com>
Date: Mon, 29 Nov 1999 18:11:59 -0700



|logs.  But the concept of my firewall housing several hundred megabytes of
|archived log files did not appeal to me.

You might consider removing the Enterprise Mgt Console off the firewall and
on to a separate Mgt. Server.  I always use the 3-tier approach using
Check Point's products.  A FW Engine, managed by a separate mgt server
(console) which I can administer using the GUI client.  I then use a larger
HD on the console so I can store the logs longer.  This improves performance
and manageability.  The console can be an NT server which you can then use
SQL programs to push off data to another SQL Server, or just query off the
console server.

|
|I've been maintaining a six month log rotation on the SQL box for about a
|year now.  A six month archive entails about a million records in the
|database for our company, and I've been considering moving to Oracle since
|SQL 6.5 strains badly under the queries.
|
|I think the most difficult aspect of this would be the question 'how do you
|automate moving the logs off of the box' be it Windows NT, Solaris, Nokia,
|or whatever platform Check Point's currently running on.  Network transfer
|from the client-side implies some sort of listening service running on the
|firewall.  Bad.  I haven't looked into a viable cross-platform solution for
|this firewall-side.  I've just continued to trudge through the logs with my
|perl script and my sql server.

Use a process that SENDS it from the firewall to another machine.  Use
expect and create an FTP process to automagically FTP the data to another LOG
server.

Matt
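
The push model described in the reply above, as an added example that is not part of the original message: the firewall opens the outbound connection itself, ships only rotated (closed) log files with a checksum sidecar, and marks a file as sent only after the upload succeeds. The spool paths, host name, netrc file and `*.log.*` naming are assumptions, and `curl` stands in for the expect-driven ftp session because it returns a usable exit status.

```shell
#!/bin/sh
# Added example: firewall-side push of rotated logs (outbound connection only,
# no listening service on the firewall). All paths and names are assumptions.
SPOOL_DIR="${SPOOL_DIR:-/var/spool/fwlogs}"     # rotated, closed log files
SENT_DIR="${SENT_DIR:-$SPOOL_DIR/sent}"         # shipped files, pruned separately
LOG_URL="${LOG_URL:-ftp://loghost.example.internal/incoming/}"
NETRC="${NETRC:-/etc/fwlogs.netrc}"             # mode 0600, upload-only account

# Transport hook: upload one file, non-zero exit status on failure.
# curl replaces the expect + ftp pairing from the message.
send_file() {
    curl -sS --netrc-file "$NETRC" -T "$1" "$LOG_URL"
}

# Ship every rotated file with its checksum; exit status = number of failures.
ship_logs() {
    failed=0
    mkdir -p "$SENT_DIR" || return 1
    for f in "$SPOOL_DIR"/*.log.*; do
        [ -f "$f" ] || continue                 # unmatched glob stays literal
        case "$f" in *.sha256) continue ;; esac # sidecars travel with their log
        name=$(basename "$f")
        # Relative name in the sidecar so the log server can run sha256sum -c.
        ( cd "$SPOOL_DIR" && sha256sum "$name" > "$name.sha256" ) \
            || { failed=$((failed + 1)); continue; }
        if send_file "$f" && send_file "$f.sha256"; then
            mv "$f" "$f.sha256" "$SENT_DIR"/    # mark shipped only after both uploads
        else
            rm -f "$f.sha256"                   # keep the log for the next run
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# From cron: ship_fwlogs.sh run
if [ "${1:-}" = "run" ]; then ship_logs; fi
```

The active log file (no rotation suffix) is never touched, so a run cannot ship a file the firewall is still writing.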


