Firewall Wizards mailing list archives
Re: analyzing firewall logs in a database
From: "Csiri" <Csiri () katherine nepszabadsag hu>
Date: Tue, 16 Feb 1999 16:49:32 +0100
-----Original Message-----
From: Don Turnbull <donturn () fis utoronto ca>
To: Firewall-wizards <firewall-wizards () nfr net>
Date: February 16, 1999, 4:22
Subject: analyzing firewall logs in a database

Hi,

Being relatively new to working with firewalls (but learning a lot by listening to posts!), I'd like to ask if anyone has experience importing log files into a database for more sophisticated querying than current analysis programs (I'm thinking WebTrends, HitList, and Telemate). I know Raptor has a "flatten" utility, but am looking for battle stories about it or other tools that might be around.

thanks,
--
-------------------------
Don Turnbull
donturn () fis utoronto ca
http://donturn.fis.utoronto.ca/

Logging to a file is much better (so faster) than logging to a database (directly). If you have a good analyzer program, it doesn't matter how the data is stored, but if you don't have unnecessary free disk space, it's not a good idea to keep logfiles in their original form. If you have free capacity for that, I suggest making your own querying tool, based on a database of your own design into which only the wanted data gets. Don't forget to store the data as briefly as you can. (E.g., you can store the request type as "GET", "POST", "HEAD", but you can also store it as 0, 1, 2.)

I know only WebTrends from the above analyzers; it's really stupid and very, very slow.

Bye
Csiri
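
The approach suggested in the reply above, sketched as an added example that is not part of the original post: the log is written to a file first, then only the wanted fields are loaded into a purpose-built table with the request type stored as a small integer. The log layout, the table and column names, the `OTHER` catch-all code and the sample lines are all assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample lines in a hypothetical proxy-log layout:
# timestamp client_ip method url status bytes
SAMPLE_LOG = """\
1999-02-16T16:40:01 10.0.0.5 GET http://example.com/ 200 5120
1999-02-16T16:40:03 10.0.0.5 POST http://example.com/form 200 312
1999-02-16T16:40:09 10.0.0.7 HEAD http://example.org/a.zip 200 0
1999-02-16T16:41:15 10.0.0.7 GET http://example.org/a.zip 200 1048576
1999-02-16T16:41:20 10.0.0.9 DELETE http://example.org/x 403 0
this line is garbage
"""

METHOD_CODES = {"GET": 0, "POST": 1, "HEAD": 2}  # codes as suggested in the reply
OTHER = 255  # assumption: catch-all code for methods outside the table

def parse_line(line):
    """Return (ts, ip, method_code, url, status, bytes) or None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, ip, method, url, status, size = parts
    if not (status.isdigit() and size.isdigit()):
        return None
    return ts, ip, METHOD_CODES.get(method, OTHER), url, int(status), int(size)

def load(conn, text):
    """Create the table, insert the parsed rows, return (kept, skipped)."""
    conn.execute("""CREATE TABLE IF NOT EXISTS requests (
        ts TEXT NOT NULL, client TEXT NOT NULL, method INTEGER NOT NULL,
        url TEXT NOT NULL, status INTEGER NOT NULL, bytes INTEGER NOT NULL)""")
    parsed = [parse_line(line) for line in text.splitlines()]
    rows = [row for row in parsed if row is not None]
    # Parameterized insert: every log field is untrusted input
    conn.executemany("INSERT INTO requests VALUES (?,?,?,?,?,?)", rows)
    return len(rows), len(parsed) - len(rows)

def bytes_by_client(conn, method_code):
    """Total bytes per client for one method code, largest first."""
    return conn.execute(
        "SELECT client, SUM(bytes) FROM requests WHERE method = ? "
        "GROUP BY client ORDER BY SUM(bytes) DESC", (method_code,)).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load(db, SAMPLE_LOG))
    print(bytes_by_client(db, METHOD_CODES["GET"]))
```

Counting skipped lines rather than silently dropping them keeps a record of how much of the original log never reached the database.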