Firewall Wizards mailing list archives
Re: Syslog set up
From: David Thiel <lx () redundancy redundancy org>
Date: Thu, 24 Jul 2003 09:51:30 -0700
On Thu, Jul 24, 2003 at 08:44:38AM -0400, Melson, Paul wrote:
> I think a gung-ho approach is best in this situation; "Log 'em all, let
> the analyzer sort 'em out." :-)
I'm required to log everything, and I find a useful tool to deal with this
is socklog. For example:

    s1000000 -* +*pix.ip.ad.dr:* ./main/pix \
    s1000000 -* +*%PIX*Built* +*%PIX*Teardown* ./main/pix-accept \
    s1000000 -* +*%PIX*Deny* ./main/pix-deny

This will put log messages with the specified characteristics into their
own log directory. It's easy to do the same thing to sort out protocol,
port, etc. Not a full log analysis solution, but a good way to start with
bite-sized pieces when looking for specific info.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
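An added example, not part of the original post and not socklog's own code: a small Python model of how the select/deselect actions in the message above sort lines into directories, run over constructed sample lines. It assumes multilog-style matching (a star skips to the next pattern character, with no backtracking), the constructed address 192.0.2.1 in place of pix.ip.ad.dr, and an "IP: facility.priority: message" line layout.

```python
# Added example: a model of multilog-style line selection, not socklog's code.

def match(pattern, line):
    """'*' skips to the next pattern character (no backtracking);
    a trailing '*' matches the rest of the line."""
    i = p = 0
    while p < len(pattern):
        ch = pattern[p]
        p += 1
        if ch == "*":
            if p == len(pattern):
                return True
            i = line.find(pattern[p], i)
            if i < 0:
                return False
        elif i < len(line) and line[i] == ch:
            i += 1
        else:
            return False
    return i == len(line)

def route(script, line):
    """Apply the actions in order; return the directories the line is written to."""
    selected, dirs = True, []          # every line starts out selected
    for action in script:
        if action[0] in "+-":
            if match(action[1:], line):
                selected = action[0] == "+"
        elif action[0] in "./":
            if selected:
                dirs.append(action)
        # 's<size>' only sets the log size, it does not affect selection
    return dirs

# The post's actions, with the constructed address 192.0.2.1 for pix.ip.ad.dr.
SCRIPT = """s1000000 -* +*192.0.2.1:* ./main/pix
s1000000 -* +*%PIX*Built* +*%PIX*Teardown* ./main/pix-accept
s1000000 -* +*%PIX*Deny* ./main/pix-deny""".split()

# Constructed sample lines (layout is an assumption).
SAMPLES = [
    "192.0.2.1: local4.info: %PIX-6-302013: Built outbound TCP connection 101",
    "192.0.2.1: local4.warn: %PIX-4-106023: Deny tcp src outside:203.0.113.9/4431",
    "Jul 24 09:51:31 192.0.2.1: local4.warn: %PIX-4-106023: Deny udp src outside",
    "192.0.2.50: auth.info: sshd[411]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(route(SCRIPT, sample) or ["(no directory)"], "<-", sample)
```

The third sample shows a caveat of this matching style: with a timestamp in front of the address, the leading star stops at the first "1" it meets, so the line misses ./main/pix while still landing in ./main/pix-deny.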