Firewall Wizards mailing list archives

Re: Syslog set up


From: David Thiel <lx () redundancy redundancy org>
Date: Thu, 24 Jul 2003 09:51:30 -0700

On Thu, Jul 24, 2003 at 08:44:38AM -0400, Melson, Paul wrote:
> I think a gung-ho approach is best in this situation; "Log 'em
> all, let the analyzer sort 'em out."  :-)

I'm required to log everything, and I find a useful tool to deal with 
this is socklog.

For example:

  s1000000 -* +*pix.ip.ad.dr:* ./main/pix \
  s1000000 -* +*%PIX*Built* +*%PIX*Teardown* ./main/pix-accept \
  s1000000 -* +*%PIX*Deny* ./main/pix-deny

This will put log messages with the specified characteristics into their
own log directory. It's easy to do the same thing to sort out protocol,
port, etc. Not a full log analysis solution, but a good way to start
with bite-sized pieces when looking for specific info.
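The selection mechanics behind the lines above, as an added example that is not part of the original post: a small Python model of how a multilog-style script routes each log line. Tokens starting with `-` deselect a line when the pattern matches, tokens starting with `+` select it, and a directory token appends the line if it is currently selected. Selection state carries across sections, which is why each of the three sections in the post opens with `-*`. The sample lines, the `192.0.2.1` address standing in for `pix.ip.ad.dr`, and the treatment of `*` as matching any run of characters are assumptions made here for illustration, not something the post states.

```python
"""Model of multilog-style line routing (added example, not the post's code).

Assumptions: `*` in a pattern matches any run of characters (a simplified
wildcard rule); size/timestamp actions such as s1000000 are ignored because
they control rotation, not selection; 192.0.2.1 stands in for pix.ip.ad.dr.
"""
import re
from collections import defaultdict
from functools import lru_cache

PIX_ADDR = "192.0.2.1"  # constructed placeholder for the firewall's address

# The three sections from the post, as one flat multilog script.
SCRIPT = [
    "s1000000", "-*", f"+*{PIX_ADDR}:*", "./main/pix",
    "s1000000", "-*", "+*%PIX*Built*", "+*%PIX*Teardown*", "./main/pix-accept",
    "s1000000", "-*", "+*%PIX*Deny*", "./main/pix-deny",
]

# Same script with the per-section "-*" resets dropped (keeps only the first),
# to show what happens when selection state leaks from one section to the next.
SCRIPT_NO_RESET = [a for i, a in enumerate(SCRIPT) if not (a == "-*" and i > 1)]

# Constructed sample lines in the shape socklog's UDP listener hands on:
# "<sender address>: <syslog message>". Message bodies are invented.
SAMPLE_LINES = [
    f"{PIX_ADDR}: <166>Jul 24 09:40:01 pix %PIX-6-302013: Built outbound TCP "
    "connection 4711 for outside:198.51.100.20/80 to inside:10.0.0.5/51234",
    f"{PIX_ADDR}: <166>Jul 24 09:40:02 pix %PIX-6-302014: Teardown TCP "
    "connection 4711 for outside:198.51.100.20/80 to inside:10.0.0.5/51234",
    f"{PIX_ADDR}: <164>Jul 24 09:40:03 pix %PIX-4-106023: Deny tcp src "
    "outside:198.51.100.9/4444 dst inside:10.0.0.5/23 by access-group outside_in",
    "10.0.0.9: <38>Jul 24 09:40:04 fw1 sshd[1234]: Accepted publickey for "
    "admin from 10.0.0.7 port 51002 ssh2",
]


@lru_cache(maxsize=None)
def pattern_to_regex(pattern):
    """Translate a pattern into an anchored regex.

    Only '*' is special and matches any run of characters (including none);
    every other character, such as '.', '%' or ':', is matched literally.
    """
    return re.compile(".*".join(re.escape(p) for p in pattern.split("*")), re.DOTALL)


def route(script, line):
    """Return the directories, in script order, that `line` is appended to."""
    selected = True  # every line starts out selected
    targets = []
    for action in script:
        if action.startswith("-"):
            if pattern_to_regex(action[1:]).fullmatch(line):
                selected = False
        elif action.startswith("+"):
            if pattern_to_regex(action[1:]).fullmatch(line):
                selected = True
        elif action.startswith(("./", "/")):
            # A directory action records the line only if it is selected
            # right now; the selection state is NOT reset afterwards.
            if selected:
                targets.append(action)
        # anything else (s..., n..., t) configures rotation/timestamps: ignored
    return targets


def route_all(script, lines):
    """Group many lines by destination directory, like the resulting log dirs."""
    buckets = defaultdict(list)
    for line in lines:
        for directory in route(script, line):
            buckets[directory].append(line)
    return dict(buckets)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(route(SCRIPT, line), "<-", line[:60])
    # Without the resets the Deny line also lands in pix-accept.
    print("no reset:", route(SCRIPT_NO_RESET, SAMPLE_LINES[2]))
```

Running the module shows the Built and Teardown lines landing in both `./main/pix` and `./main/pix-accept`, the Deny line in `./main/pix` and `./main/pix-deny`, and the unrelated sshd line nowhere; the `SCRIPT_NO_RESET` variant shows the Deny line leaking into `pix-accept` as well, because it was still selected from the first section when the second section's directory was reached.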

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

