Security Incidents mailing list archives
FW-1 log analysis tool
From: pcchew () CSAH COM (Chew Poh Chang (CAPL))
Date: Fri, 9 Jun 2000 09:27:30 +0800
Greetings, I am looking for a FW-1 log analysis tool. In particular, I am looking for a tool which highlights the security incidents from a Firewall-1 log; I don't care about bandwidth utilisation, web site hits, top X sources/destinations (except where this might indicate a scan/hack attempt). I am specifically looking for something that lets me focus on the security incidents in the log (as (initially) shown by scans).

I have other logs that show me attempts against Bind, Syslog, SMTP etc., but the tools for Firewall-1 seem to be focussed towards Mgmt & accounting, not security. I am hoping that someone has a perl script that they already use for this...

Please note: I am currently receiving over 1,500,000 lines of (already abridged) logs each day, with an additional 5-10 million lines to come each day as soon as I get the log filter working correctly. This number will just grow over time, and I would not be surprised to be receiving 50-80 million lines per day within 12 months!

Regards,
Chew Poh Chang
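The post asks for a script that pulls scan activity out of a large FW-1 log rather than producing traffic statistics. The following is an added example written for this archive page; it is not code from the original poster, from any reply in the thread, or from Check Point. It is in Python rather than the Perl the poster asked for. The input layout is an assumption: a semicolon-delimited export with a header row naming the fields, in the style of a `fw logexport` dump, and the log lines below are constructed for the example. It keeps only dropped/rejected records and flags two patterns: one source probing many services on one host (port scan) and one source hitting the same service on many hosts (host sweep). Everything else, including accepted traffic and a single stray drop, is ignored so that the output is just the incidents.

```python
"""Flag scan-like activity in a FireWall-1 log export.

Added example, not the original poster's script. The export layout is an
ASSUMPTION: semicolon-delimited fields with a header row (fw logexport
style). If your export names its columns differently, adjust the keys used
in detect_scans().
"""
import csv
import io
from collections import defaultdict

# Constructed sample export (not real traffic). 10.9.8.7 probes six services
# on one host, 192.0.2.5 hits one service on six hosts, and the remaining
# lines are ordinary accepted traffic plus one isolated drop that must not be
# reported.
SAMPLE_LOG = """num;date;time;orig;type;action;i/f_name;proto;src;dst;service;s_port;rule
1;9Jun2000;09:00:01;fw1;log;accept;qfe0;tcp;192.168.1.10;203.0.113.20;http;1025;5
2;9Jun2000;09:00:02;fw1;log;drop;qfe0;tcp;198.51.100.9;203.0.113.20;telnet;2048;99
3;9Jun2000;09:01:10;fw1;log;drop;qfe0;tcp;10.9.8.7;203.0.113.20;21;40001;99
4;9Jun2000;09:01:10;fw1;log;drop;qfe0;tcp;10.9.8.7;203.0.113.20;22;40002;99
5;9Jun2000;09:01:11;fw1;log;drop;qfe0;tcp;10.9.8.7;203.0.113.20;23;40003;99
6;9Jun2000;09:01:11;fw1;log;drop;qfe0;tcp;10.9.8.7;203.0.113.20;25;40004;99
7;9Jun2000;09:01:12;fw1;log;drop;qfe0;tcp;10.9.8.7;203.0.113.20;80;40005;99
8;9Jun2000;09:01:12;fw1;log;drop;qfe0;tcp;10.9.8.7;203.0.113.20;110;40006;99
9;9Jun2000;09:02:00;fw1;log;drop;qfe0;tcp;192.0.2.5;203.0.113.20;12345;3001;99
10;9Jun2000;09:02:00;fw1;log;drop;qfe0;tcp;192.0.2.5;203.0.113.21;12345;3002;99
11;9Jun2000;09:02:01;fw1;log;drop;qfe0;tcp;192.0.2.5;203.0.113.22;12345;3003;99
12;9Jun2000;09:02:01;fw1;log;drop;qfe0;tcp;192.0.2.5;203.0.113.23;12345;3004;99
13;9Jun2000;09:02:02;fw1;log;drop;qfe0;tcp;192.0.2.5;203.0.113.24;12345;3005;99
14;9Jun2000;09:02:02;fw1;log;drop;qfe0;tcp;192.0.2.5;203.0.113.25;12345;3006;99
15;9Jun2000;09:03:00;fw1;log;accept;qfe0;udp;192.168.1.11;203.0.113.30;domain;1030;7
"""

# Only records the firewall refused are interesting for scan detection.
FLAGGED_ACTIONS = {"drop", "reject"}


def parse_records(text):
    """Yield one dict per record; streams so a multi-million-line file is never held in memory."""
    reader = csv.DictReader(io.StringIO(text), delimiter=";")
    for row in reader:
        yield row


def detect_scans(records, port_threshold=5, host_threshold=5):
    """Return a sorted list of findings: port scans and host sweeps by source.

    port_threshold: distinct services from one src to one dst before it is a port scan.
    host_threshold: distinct dsts from one src on one service before it is a host sweep.
    """
    services_per_target = defaultdict(set)  # (src, dst) -> {service}
    hosts_per_service = defaultdict(set)    # (src, service) -> {dst}
    first_seen, last_seen = {}, {}

    for r in records:
        if r["action"].lower() not in FLAGGED_ACTIONS:
            continue
        src, dst, svc = r["src"], r["dst"], r["service"]
        services_per_target[(src, dst)].add(svc)
        hosts_per_service[(src, svc)].add(dst)
        stamp = f'{r["date"]} {r["time"]}'
        first_seen.setdefault(src, stamp)
        last_seen[src] = stamp

    findings = []
    for (src, dst), svcs in services_per_target.items():
        if len(svcs) >= port_threshold:
            findings.append({"kind": "portscan", "src": src, "target": dst,
                             "count": len(svcs), "first": first_seen[src],
                             "last": last_seen[src]})
    for (src, svc), hosts in hosts_per_service.items():
        if len(hosts) >= host_threshold:
            findings.append({"kind": "hostsweep", "src": src, "target": svc,
                             "count": len(hosts), "first": first_seen[src],
                             "last": last_seen[src]})
    findings.sort(key=lambda f: (f["src"], f["kind"]))
    return findings


def format_finding(f):
    """One line per incident, suitable for a daily report or grep."""
    what = "ports on host" if f["kind"] == "portscan" else "hosts on service"
    return (f'{f["kind"]:9} {f["src"]:15} {f["count"]:4} {what} {f["target"]} '
            f'({f["first"]} .. {f["last"]})')


if __name__ == "__main__":
    for finding in detect_scans(parse_records(SAMPLE_LOG)):
        print(format_finding(finding))
```

On the volumes the poster describes, the per-source sets grow without bound over a day; in practice you would run this per hour (or per file rotation) and expire sources that have been quiet, and feed it the raw export through stdin instead of a string. The thresholds are deliberately low for the sample; tune them against a quiet day so that legitimate retries and broken clients do not show up as scans.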
Current thread:
- FW-1 log analysis tool Chew Poh Chang (CAPL) (Jun 08)
- Re: FW-1 log analysis tool Lance Spitzner (Jun 10)
- Re: FW-1 log analysis tool Kenneth Ish (Jun 11)