Firewall Wizards mailing list archives
Re: Firewall Log Analysis
From: "Chuck Swiger" <chuck () codefab com>
Date: Fri, 14 Jan 2000 14:57:14 -0500
On Thu, 13 Jan 2000 10:35:45 +0530, VN_Sabarinath () satyam-infoway com wrote:
I administer 5 remote firewalls and wish to do separate centralized analysis of the logfiles to generate custom reports. To get the log files, I propose to regularly FTP the files (in zipped version, once a day, automatically) from the firewalls to a centralised machine. This machine runs a log analysis software. The report may be FTP'ed back or put up on a website.

1) Are there any better approaches to do this?
Well, I would highly recommend using scp (part of the SSH distribution) instead of FTP to move the files around. That way, you don't have to run an FTP daemon on your log analyzer machine.

Another perhaps not-so-minor benefit is that your logfiles are encrypted in transit, which means that an attacker cannot see whether his attempts have created log messages (by packet sniffing) nor can the attacker easily steal the connection and spoof false logs to hide his tracks.

-Chuck

Chuck 'Sisyphus' Swiger | chuck () codefab com | Bad cop! No Donut.
------------------------+-------------------+--------------------
I know that you are an optimist if you think I am a pessimist....
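
The scp transfer recommended above, sketched as an added example that is not part of the original post: the analysis machine pulls each firewall's compressed log, refuses unknown or changed host keys, and checks the archive before accepting it. The host names, the `logpull` account, the key path and the log path are constructed placeholders, and OpenSSH's `scp` is assumed.

```shell
#!/bin/sh
# Added example: daily pull of compressed firewall logs over scp.
# All hosts, paths and the account name below are constructed placeholders.
FIREWALLS="fw1.example.net fw2.example.net fw3.example.net fw4.example.net fw5.example.net"
REMOTE_LOG="/var/log/firewall.log.0.gz"      # assumed rotated-log path
DEST_ROOT="${DEST_ROOT:-/var/loghost}"       # one sub-directory per firewall
KEY="${KEY:-/etc/loghost/pull_key}"          # dedicated key used only for this job
SCP="${SCP:-scp}"

# Accept plain host names only, so a bad list entry can never be read
# by scp as an option or as part of a path.
valid_host() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# fetch_log HOST DAY: copy the log to $DEST_ROOT/HOST/DAY.log.gz.
# Returns 0 on success, 1 on transfer failure, 2 on bad host, 3 on corrupt archive.
fetch_log() {
    host=$1; day=$2
    valid_host "$host" || { echo "skip invalid host: $host" >&2; return 2; }
    dest="$DEST_ROOT/$host/$day.log.gz"
    mkdir -p "$DEST_ROOT/$host" || return 1
    # BatchMode=yes: never prompt, so an unattended run fails instead of hanging.
    # StrictHostKeyChecking=yes: abort if the firewall's host key is unknown or
    # has changed, which is what stops a spoofed endpoint from supplying logs.
    "$SCP" -q -i "$KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        "logpull@$host:$REMOTE_LOG" "$dest.part" || { rm -f "$dest.part"; return 1; }
    # A truncated or damaged archive fails the gzip check and is discarded.
    gzip -t "$dest.part" 2>/dev/null || { rm -f "$dest.part"; return 3; }
    mv "$dest.part" "$dest"
}

# pull_all DAY: fetch from every firewall; exit status is the failure count.
pull_all() {
    day=$1; failed=0
    for h in $FIREWALLS; do
        fetch_log "$h" "$day" || { echo "FAILED: $h" >&2; failed=$((failed + 1)); }
    done
    return "$failed"
}

# Run from cron as: pull_logs.sh run
if [ "${1:-}" = "run" ]; then pull_all "$(date +%Y-%m-%d)"; fi
```

A non-zero exit from `pull_all` is itself worth alerting on, since a firewall whose log stops arriving is a finding in its own right.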