Firewall Wizards mailing list archives
RE: Reading firewall logs
From: "Litney, Tom" <TLitney () caiso com>
Date: Wed, 26 Apr 2000 15:33:15 -0700
Hi Alex,

Is this a troll? You're asking a list of security people the value of reviewing firewall logs (or any system logs for that matter)? Of course it is very important, and yes, there are products on the market that may help you do this (e.g. WEBTRENDS).

I happen to like good old-fashioned shell scripts with the liberal use of grep -v. The idea being throw away everything that you don't need to see and don't care about, leaving the stuff a human security eye needs to check. Of course you can use PERL or your language du jour.

It shouldn't take a few hours to review firewall logs after this type of processing. It only takes me about 15 minutes max per firewall (sometimes the follow-up on incidents can take a bit longer :-) ).

Tom

-----Original Message-----
From: Alex Lim [mailto:mwlalex () magix com sg]
Sent: Tuesday, April 25, 2000 8:22 PM
To: fwz
Subject: [fw-wiz] Reading firewall logs

Hi,

I am hoping to hear some enlightening comments on reading firewall logs. I am curious if people are actually doing it or is there some kind of tools that we can buy off the shelf. I dun think it's productive or efficient to ask an employee to spend a few hours reading the logs just to look out for anomalies.

Anyone care to comment?

BTW I am referring to the Checkpoint FW-1 logs.

TIA
Alex Lim
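The grep -v filtering described in the reply above, sketched as an added example (not code from the post or from any product named in it). The log layout, addresses and ignore patterns are constructed for illustration and are not the real FW-1 export format; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample log; the field layout is an assumption, not FW-1's own.
sample_log() {
cat <<'EOF'
26Apr2000 02:10:01 accept src=10.1.1.5 dst=192.0.2.10 proto=tcp dport=80
26Apr2000 02:10:04 drop src=10.1.1.9 dst=10.1.1.255 proto=udp dport=137
26Apr2000 02:11:17 drop src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=23
26Apr2000 02:11:18 drop src=198.51.100.7 dst=192.0.2.11 proto=tcp dport=23
26Apr2000 02:12:40 accept src=10.1.1.5 dst=192.0.2.25 proto=tcp dport=25
26Apr2000 02:13:02 drop src=203.0.113.44 dst=192.0.2.10 proto=tcp dport=111
26Apr2000 02:13:30 drop src=10.1.1.12 dst=10.1.1.255 proto=udp dport=138
EOF
}

# Known-boring traffic, one extended regex per line (hypothetical site policy).
# Keep this list free of blank lines: an empty pattern matches every line.
ignore_patterns() {
cat <<'EOF'
 accept .* dport=(80|25)$
 drop .* dst=10\.1\.1\.255 proto=udp dport=13[78]$
EOF
}

# residue: read a log on stdin, print only lines matching none of the patterns.
residue() {
    pats=$(mktemp) || return 1
    ignore_patterns > "$pats"
    rc=0
    grep -E -v -f "$pats" || rc=$?
    rm -f "$pats"
    # grep exits 1 when nothing is left; that is a clean log, not an error.
    [ "$rc" -le 1 ]
}

# summarize: collapse the residue to "count src dport", busiest source first.
summarize() {
    sed -E 's/.* src=([^ ]+) .* dport=([0-9]+)$/\1 \2/' |
        sort | uniq -c | sort -rn | awk '{print $1, $2, $3}'
}

sample_log | residue | summarize
```

Anything that survives the filter is either worth a look or a candidate for a new ignore pattern, which is how the review time shrinks as the pattern list matures.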