Security Incidents mailing list archives

FW-1 log analysis tool


From: pcchew () CSAH COM (Chew Poh Chang (CAPL))
Date: Fri, 9 Jun 2000 09:27:30 +0800


Greetings,
        I am looking for a FW-1 log analysis tool.

In particular, I am looking for a tool which highlights the security
incidents from a firewall-1 log. I don't care about bandwidth utilisation,
web site hits, top X sources/destinations (except where this might indicate
a scan/hack attempt.)

I am specifically looking for something that lets me focus on the Security
incidents in the log (as (initially) shown by Scans). I have other logs
that show me attempts against Bind, Syslog, SMTP etc, but the tools for
Firewall-1 seem to be focussed towards Mgmt & accounting, not security.

I am hoping that someone has a perl script that they already use for this...

Please note: I am currently receiving over 1,500,000 lines of (already
abridged) logs each day, with an additional 5-10 million lines to come each
day as soon as I get the log filter working correctly. This number will
just grow over time, and I would not be surprised to be receiving 50-80
million lines per day within 12 months!

Regards,
Chew Poh Chang
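The kind of scan-highlighting filter the post asks for, as an added example that is not part of the original message or any tool mentioned in it. It is written in Python rather than the Perl the poster hoped for. The input format is an assumption: semicolon-separated fields with a header line, in the style of an `fw logexport` dump, and the field names and the sample records are constructed for this illustration. It streams the log once, keeps only a short sliding window of state per source, and raises an alert when one source probes many ports on one host (port scan) or one port on many hosts (host sweep) in dropped or rejected traffic.

```python
"""Flag scan-like activity in FW-1 log export lines.

Example code added to this thread; not a tool referenced by the poster.
Assumed input: semicolon-separated fields with a header line naming them
(fw logexport style). The sample below is constructed for illustration.
"""
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: header plus a handful of records.
# The field names are an assumption about the export format.
SAMPLE_LOG = """\
num;date;time;orig;action;proto;src;dst;service;s_port;rule
1;9Jun2000;9:01:02;fw1;drop;tcp;10.1.1.5;192.168.0.10;21;40001;0
2;9Jun2000;9:01:02;fw1;drop;tcp;10.1.1.5;192.168.0.10;22;40002;0
3;9Jun2000;9:01:03;fw1;drop;tcp;10.1.1.5;192.168.0.10;23;40003;0
4;9Jun2000;9:01:03;fw1;drop;tcp;10.1.1.5;192.168.0.10;25;40004;0
5;9Jun2000;9:01:04;fw1;drop;tcp;10.1.1.5;192.168.0.10;80;40005;0
6;9Jun2000;9:01:04;fw1;drop;tcp;10.1.1.5;192.168.0.10;110;40006;0
7;9Jun2000;9:02:10;fw1;accept;tcp;10.2.2.7;192.168.0.10;80;33001;3
8;9Jun2000;9:05:00;fw1;drop;tcp;172.16.0.9;192.168.0.1;139;1025;0
9;9Jun2000;9:05:00;fw1;drop;tcp;172.16.0.9;192.168.0.2;139;1026;0
10;9Jun2000;9:05:01;fw1;drop;tcp;172.16.0.9;192.168.0.3;139;1027;0
11;9Jun2000;9:05:01;fw1;drop;tcp;172.16.0.9;192.168.0.4;139;1028;0
12;9Jun2000;9:05:02;fw1;drop;tcp;172.16.0.9;192.168.0.5;139;1029;0
13;9Jun2000;9:40:00;fw1;drop;udp;10.9.9.9;192.168.0.10;53;5353;0
"""

WINDOW_SECONDS = 60   # sliding window per source; bounds memory on large logs
PORT_SCAN_MIN = 5     # distinct services one src probes on one dst
SWEEP_MIN = 5         # distinct dsts one src probes on one service
NOISY_ACTIONS = {"drop", "reject"}   # only blocked traffic counts as a probe


def parse_records(lines):
    """Yield (timestamp, row dict) for each well-formed log line."""
    reader = csv.DictReader(lines, delimiter=";")
    for row in reader:
        try:
            ts = datetime.strptime(f"{row['date']} {row['time']}",
                                   "%d%b%Y %H:%M:%S")
        except (ValueError, KeyError, TypeError):
            continue   # skip a bad line rather than abort a multi-million-line run
        yield ts, row


class _Tracker:
    """Count distinct values per key inside a sliding time window.

    Assumes log lines arrive in time order, which an export normally does.
    """

    def __init__(self, threshold):
        self.threshold = threshold
        self.events = defaultdict(deque)   # key -> deque of (ts, value)
        self.alerted = set()               # alert once per key, not per line

    def observe(self, key, ts, value):
        ev = self.events[key]
        ev.append((ts, value))
        cutoff = ts - timedelta(seconds=WINDOW_SECONDS)
        while ev and ev[0][0] < cutoff:
            ev.popleft()
        distinct = {v for _, v in ev}
        if len(distinct) >= self.threshold and key not in self.alerted:
            self.alerted.add(key)
            return sorted(distinct)
        return None


def find_scans(lines):
    """Return port-scan and host-sweep alerts found in dropped/rejected traffic."""
    port_scans = _Tracker(PORT_SCAN_MIN)
    sweeps = _Tracker(SWEEP_MIN)
    alerts = []
    for ts, row in parse_records(lines):
        if (row.get("action") or "").lower() not in NOISY_ACTIONS:
            continue
        src, dst, svc = row["src"], row["dst"], row["service"]
        hit = port_scans.observe((src, dst), ts, svc)
        if hit:
            alerts.append({"kind": "port_scan", "src": src, "target": dst,
                           "first_seen": ts, "detail": hit})
        hit = sweeps.observe((src, svc), ts, dst)
        if hit:
            alerts.append({"kind": "host_sweep", "src": src, "target": svc,
                           "first_seen": ts, "detail": hit})
    return alerts


if __name__ == "__main__":
    for a in find_scans(SAMPLE_LOG.splitlines()):
        print(f"{a['first_seen']} {a['kind']:10} src={a['src']} "
              f"target={a['target']} {a['detail']}")
```

Run it against a real export by replacing `SAMPLE_LOG.splitlines()` with an open file handle; the script never holds more than one window of events per (source, target) pair, so it scales with the number of active sources rather than with the line count. Thresholds and the window are the tuning knobs: lower them to catch slow scans, raise them to suppress noisy but legitimate clients, and expire idle keys periodically if a single run spans a whole day.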

