Firewall Wizards mailing list archives

Re: Reading firewall logs


From: Alex Lim <mwlalex () magix com sg>
Date: Wed, 03 May 2000 00:52:43 +0800

Hi, thanks to all who have so kindly replied to my questions. The tools
commonly recommended are:
1) perl or shell scripts
2) Webtrends for FW
3) Reporting module for Checkpoint version 4.1

I can write a bit of ksh scripts but due to the urgency of our
requirement, I will be going for automated tools instead. So my next
question is, "Has anyone compared Webtrends and the Reporting module for
FW-1 v4.1?"

TIA
Alex



Lance Spitzner wrote:

On Wed, 26 Apr 2000, Alex Lim wrote:

I am hoping to hear some enlightening comments on reading firewall logs.
I am curious if people are actually doing it or is there some kind of
tools that we can buy off the shelf. I don't think it's productive or
efficient to ask an employee to spend a few hours reading the logs just
to look out for anomalies.

Anyone care to comment? BTW I am referring to the Checkpoint FW-1 logs.

I've customized FW-1 logs to alert me whenever I need to review my logs
for specific events, such as when my network is probed or unauthorized
events happen.  These alerts tell me that something odd is happening and
that I need to review the logs in greater detail.  This saves me the time
of having to manually look through the log file for the specific events.

http://www.enteract.com/~lspitz/intrusion.html

Hope that helps :)


Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
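A small log-screening script in the spirit of the alerting Lance describes and the perl/shell scripts recommended above, added here as an illustration and not code from either poster. The semicolon-delimited sample export, its header names and the "five distinct services dropped from one source" threshold are constructed assumptions, not the exact FW-1 export format.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample in the style of a semicolon-delimited FW-1 log export.
# Field names are an assumption; adjust the header to match a real export.
SAMPLE_LOG = """\
num;date;time;action;proto;src;dst;service;s_port;rule
1;3May2000;00:10:01;accept;tcp;10.0.0.5;192.168.1.10;http;1033;4
2;3May2000;00:10:02;drop;tcp;172.16.9.9;192.168.1.10;telnet;2001;10
3;3May2000;00:10:02;drop;tcp;172.16.9.9;192.168.1.10;ftp;2002;10
4;3May2000;00:10:03;drop;tcp;172.16.9.9;192.168.1.10;smtp;2003;10
5;3May2000;00:10:03;drop;tcp;172.16.9.9;192.168.1.10;pop-3;2004;10
6;3May2000;00:10:04;drop;tcp;172.16.9.9;192.168.1.10;imap;2005;10
7;3May2000;00:10:05;drop;udp;10.0.0.7;192.168.1.10;ntp;123;10
8;3May2000;00:10:06;accept;tcp;10.0.0.5;192.168.1.10;http;1034;4
"""


def parse_export(text):
    """Read a header-led, semicolon-delimited export into a list of dicts."""
    return list(csv.DictReader(StringIO(text), delimiter=";"))


def find_probes(records, min_services=5, action="drop"):
    """Map src -> sorted services for sources whose dropped connections
    touched at least min_services distinct services (a port-sweep signature).
    Accepted traffic is ignored so busy legitimate clients do not alert."""
    touched = defaultdict(set)
    for rec in records:
        if rec["action"] == action:
            touched[rec["src"]].add(rec["service"])
    return {src: sorted(svcs) for src, svcs in touched.items()
            if len(svcs) >= min_services}


def alerts(text, min_services=5):
    """One alert line per probing source; these point the analyst at the
    sources worth a detailed log review instead of reading every entry."""
    probes = find_probes(parse_export(text), min_services)
    return [f"ALERT probe from {src}: {len(svcs)} services dropped "
            f"({', '.join(svcs)})" for src, svcs in sorted(probes.items())]


if __name__ == "__main__":
    for line in alerts(SAMPLE_LOG):
        print(line)
```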


