Re: WebTrends Alternative

["Josh Robb" <josh () fujitsu co nz>]

I am doing this using NT and FW-1.

at runs a script every night which does a logswitch. exports the logs to
csv. ftps the logs to a secure host within the network.

On my SQL server I have a task scheduled later which imports the csv file
into my db using DTS.
----- Original Message -----
From: Siglite <siglite () criticalstop com>
To: Saravana Ram <Ram () POP Jaring My>; <firewall-wizards () nfr net>
Sent: Thursday, November 25, 1999 2:08 PM
Subject: Re: WebTrends Alternative


> That's what I was thinking as well.  Push from the firewall out to an SQL
box
> somewhere.  Where would be dictated by security / risk / policy.  The only
way I
> can think of to do this, is a C executable run by cron (or 'at' in the
case of
> NT) that would launch on user-defined intervals and push the data out.
The fun
> part is writing the executable that will open the sockets to the SQL boxes
and
> push the data across in the proper formats.   Not being a big C guru, this
would
> probably take me about half of forever to accomplish.  My forte would be
more
> towards the front end of things.  Creating the reporting in ASP or CGI on
the
> webserver.
>
> I'm considering explaining the content of this thread to my CEO. (we're a
> software development house)  My company could certianly bring much more
skill to
> bear on the problem than I could alone.  And I'm pretty sure there's a
market
> niche for it.
>
> The question of the day however is, has someoe out there lurking on the
list
> already done this?  I think most of us have muddled through script hell
mining
> out our logs.  But has anyone out there created something that pushes to
SQL
> databases?
>
>
> Saravana Ram wrote:
>
> > > I think the most difficult aspect of this would be the question 'how
do you
> > > automate moving the logs off of th box' be it windows NT, Solaris,
Nokia, or
> > > whatever platform checkpoint's currently running on.  Network transfer
from
> > the
> > > client-side implys some sort of listening service running on the
firewall.
> > > Bad.  I haven't looked into a viable cross-platform solution for this
> > > firewall-side.  I've just continued to trudge through the logs with my
perl
> > > script and my sql server.
> >
> > Instead of a logging device pulling the data from the FW box (which
would
> > require a listening service on the FW), why don't you have the FW push
logs to
> > a logging device (which would require a listening service on the logger
not
> > the FW). Log data can be pushed in real time (continuously) or in
batches
> > (poll at reasonable intervals).
> >
> > If tossing log data around in the DMZ is considered too risky, then a
serial
> > (as in RS-232) connection can be made from the FW to the logging device.
This
> > pathway can't be hacked through unless the logging device is
compromised.
> > Downside, the logging device and the FW have to be placed at the same
site.
>