Firewall Wizards mailing list archives
Re: Reading firewall logs
From: Alex Lim <mwlalex () magix com sg>
Date: Wed, 03 May 2000 00:52:43 +0800
Hi, thanks to all who have so kindly replied to my questions. The tools commonly recommended are:

1) perl or shell scripts
2) Webtrends for FW
3) Reporting module for Checkpoint version 4.1

I can write a bit of ksh scripts but due to the urgency of our requirement, I will be going for automated tools instead. So my next question is, "Has anyone compared Webtrends and the Reporting module for FW-1 v4.1?"

TIA
Alex

Lance Spitzner wrote:

> On Wed, 26 Apr 2000, Alex Lim wrote:
>
>> I am hoping to hear some enlightening comments on reading firewall logs. I am curious if people are actually doing it or is there some kind of tools that we can buy off the shelf. I dun think it's productive or efficient to ask an employee to spend a few hours reading the logs just to look out for anomalies. Anyone care to comment? BTW I am referring to the Checkpoint FW-1 logs.
>
> I've customized FW-1 logs to alert me whenever I need to review my logs for specific events, such as when my network is probed or unauthorized events happen. These alerts tell me that something odd is happening and that I need to review the logs in greater detail. This saves me the time of having to manually look through the log file for the specific events.
>
> http://www.enteract.com/~lspitz/intrusion.html
>
> Hope that helps :)
>
> Lance Spitzner
> http://www.enteract.com/~lspitz/papers.html