Firewall Wizards mailing list archives
Re: Reading firewall logs
From: Bill Pennington <billp () rocketcash com>
Date: Wed, 26 Apr 2000 18:05:50 -0700
You can look at Webtrends for Firewall and VPNs. It makes pretty pictures. I am not that familiar with Checkpoint tools/scripts out there, but you should be able to find/write something that cuts through most of the fluff and gives you the real anomalous activity.

As far as having someone read your logs for a few hours a day, that all depends on your security policy/stance. I read logs every day, but it only takes me about 30 minutes total. I get fresh log info every 30 minutes, so I am not reading a full day's worth at a time. The most I have to read is about 10 hours' worth. I am looking at firewall and IDS logs from 2 locations, one a fairly high-traffic web site. Depending on the amount of traffic and the amount of break-in attempts, your time will vary. With experience, the person reading the logs will be able to weed out the script-kiddies from the more "advanced" attempts.

Alex Lim wrote:
Hi, I am hoping to hear some enlightening comments on reading firewall logs. I am curious if people are actually doing it or if there is some kind of tool that we can buy off the shelf. I don't think it's productive or efficient to ask an employee to spend a few hours reading the logs just to look out for anomalies. Anyone care to comment? BTW, I am referring to the Checkpoint FW-1 logs. TIA, Alex Lim
--
Bill Pennington
Senior IT Manager
Rocketcash
billp () rocketcash com
http://www.rocketcash.com
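The "write something that cuts through the fluff" suggestion above, as an added example that is not part of the original post or any Check Point tool. It assumes a semicolon-delimited logexport-style file with a header row naming at least the action, src, dst, proto and service columns (the exact column set FW-1 exports varies by version, so the header is treated as data, not hard-coded), drops everything the firewall accepted, and rolls the rest up per source address so one source probing many services (port scan) or one service across many hosts (host sweep) floats to the top while pure NetBIOS broadcast noise sinks. The log lines and the noise-port list are constructed for the example.

```python
"""Reduce Check Point FW-1 logexport-style records to the ones worth reading.

Added example, not from the list post. Assumes a semicolon-delimited export
with a header row; the sample below is constructed, not a real log.
"""
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample in an assumed logexport-like layout (not real data).
SAMPLE_LOG = """\
num;date;time;action;src;dst;proto;service;rule
1;26Apr2000;17:01:02;accept;10.1.1.5;192.0.2.10;tcp;80;3
2;26Apr2000;17:01:03;accept;10.1.1.7;192.0.2.10;tcp;80;3
3;26Apr2000;17:01:05;drop;198.51.100.9;192.0.2.10;tcp;23;0
4;26Apr2000;17:01:05;drop;198.51.100.9;192.0.2.10;tcp;21;0
5;26Apr2000;17:01:06;drop;198.51.100.9;192.0.2.10;tcp;22;0
6;26Apr2000;17:01:06;drop;198.51.100.9;192.0.2.10;tcp;25;0
7;26Apr2000;17:01:07;drop;198.51.100.9;192.0.2.10;tcp;110;0
8;26Apr2000;17:01:07;drop;198.51.100.9;192.0.2.10;tcp;143;0
9;26Apr2000;17:02:00;drop;203.0.113.4;192.0.2.11;udp;137;0
10;26Apr2000;17:02:01;drop;203.0.113.4;192.0.2.12;udp;137;0
11;26Apr2000;17:02:02;drop;203.0.113.4;192.0.2.13;udp;137;0
12;26Apr2000;17:02:03;drop;203.0.113.4;192.0.2.14;udp;137;0
13;26Apr2000;17:02:03;drop;203.0.113.4;192.0.2.15;udp;137;0
14;26Apr2000;17:03:00;drop;192.0.2.50;192.0.2.10;tcp;443;0
15;26Apr2000;17:05:10;accept;10.1.1.5;192.0.2.10;tcp;443;3
"""

# Services that fill perimeter logs with background chatter (NetBIOS);
# an assumed list, tune it to what your own logs are full of.
NOISE_SERVICES = {"137", "138"}


def parse_records(text):
    """Parse a header row plus data rows into dicts keyed by column name."""
    return list(csv.DictReader(StringIO(text), delimiter=";"))


def summarize(records, scan_ports=5, sweep_hosts=4):
    """Drop accepted traffic, then aggregate what is left per source address.

    Returns src -> {"count", "ports", "hosts", "tags"}; tags are
    "port-scan" (>= scan_ports distinct services from one source),
    "host-sweep" (>= sweep_hosts distinct destinations from one source) and
    "noise" (every hit from that source was on a NOISE_SERVICES port).
    """
    per_src = defaultdict(lambda: {"count": 0, "ports": set(), "hosts": set(), "tags": set()})
    for r in records:
        if r.get("action", "").lower() == "accept":
            continue  # accepted traffic is the fluff for this purpose
        entry = per_src[r["src"]]
        entry["count"] += 1
        entry["ports"].add((r.get("proto", ""), r.get("service", "")))
        entry["hosts"].add(r.get("dst", ""))
    for entry in per_src.values():
        if len(entry["ports"]) >= scan_ports:
            entry["tags"].add("port-scan")
        if len(entry["hosts"]) >= sweep_hosts:
            entry["tags"].add("host-sweep")
        if all(svc in NOISE_SERVICES for _, svc in entry["ports"]):
            entry["tags"].add("noise")
    return dict(per_src)


def interesting(summary):
    """Order sources for a human: scans and sweeps first, then by drop count.

    Sources that are nothing but noise are left out; a sweep on a noise port
    is still reported because the breadth, not the port, is the signal.
    """
    rows = [(src, e) for src, e in summary.items() if e["tags"] != {"noise"}]
    rows.sort(key=lambda kv: (-len(kv[1]["tags"] - {"noise"}), -kv[1]["count"], kv[0]))
    return [(src, e["count"], sorted(e["tags"])) for src, e in rows]


if __name__ == "__main__":
    for src, count, tags in interesting(summarize(parse_records(SAMPLE_LOG))):
        print(f"{src:16} drops={count:<4} {' '.join(tags)}")
```

Run against a real export, the same three functions work on the file contents; the thresholds are deliberately parameters, since what counts as a scan on a quiet office link is background radiation on a busy web site.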
Current thread:
- Reading firewall logs Alex Lim (Apr 26)
- Re: Reading firewall logs Bill Pennington (Apr 27)
- Re: Reading firewall logs Lance Spitzner (Apr 27)
- RE: Reading firewall logs Andrew Helm-Cowley (Apr 27)
- Re: Reading firewall logs Jim Seymour (Apr 27)
- Re: Reading firewall logs Dominik Miklaszewski (Apr 28)
- <Possible follow-ups>
- RE: Reading firewall logs Litney, Tom (Apr 27)
- Re: Reading firewall logs ark (Apr 27)
- Re: Reading firewall logs Bill_Royds (Apr 28)
- RE: Reading firewall logs -reply Mark . Teicher (Apr 28)