Firewall Wizards mailing list archives

Re: analyzing firewall logs in a database


From: "Csiri" <Csiri () katherine nepszabadsag hu>
Date: Tue, 16 Feb 1999 16:49:32 +0100

-----Original Message-----
From: Don Turnbull <donturn () fis utoronto ca>
To: Firewall-wizards <firewall-wizards () nfr net>
Date: 16 February 1999 4:22
Subject: analyzing firewall logs in a database


Hi,

Being relatively new to working with firewalls (but learning a lot by
listening to posts!), I'd like to ask if anyone has experience importing
log files into a database for more sophisticated querying than current
analysis programs (I'm thinking WebTrends, HitList, and Telemate). I
know Raptor has a "flatten" utility, but am looking for battle stories
about it or other tools that might be around.

thanks,


--
-------------------------
Don Turnbull
donturn () fis utoronto ca
http://donturn.fis.utoronto.ca/



Logging to a file is much better (that is, faster) than logging directly to a
database.
If you have a good analyzer program, it doesn't matter how the data is stored, but
if you don't have spare free disk space, it's not a good idea to keep
log files in their original form.
If you have the free capacity for it, I suggest making your own querying
tool, based on a database of your own design into which only the wanted data goes.
Don't forget to store the data as compactly as you can.
(E.g. you can store the request type as "GET", "POST", "HEAD", but you
 can store it as 0, 1, 2 too.)
Of the analyzers above I know only WebTrends; it's really stupid and very,
very slow.
Bye

Csiri
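The approach Csiri describes (log to a file, then load only the fields you want into a database of your own design, with short integer codes instead of repeated strings) worked through as an added example. This is not code from the original post or from any firewall vendor; the log line format, the field names and the sample lines are constructed for illustration, and the lookup of action and protocol codes is one possible design rather than anything the thread specifies.

```python
"""Import selected firewall log fields into a compact SQLite schema and query it."""
import calendar
import ipaddress
import re
import sqlite3
import time

# Constructed sample lines; the format is an assumption, not any real firewall's output.
SAMPLE_LOG = """\
Feb 16 16:49:32 fw1 fw: DENY in=eth0 proto=TCP src=10.1.2.3 dst=192.0.2.10 spt=4312 dpt=23
Feb 16 16:49:33 fw1 fw: ACCEPT in=eth0 proto=TCP src=10.1.2.4 dst=192.0.2.10 spt=1044 dpt=80
Feb 16 16:49:35 fw1 fw: DENY in=eth0 proto=UDP src=10.1.2.3 dst=192.0.2.11 spt=53123 dpt=137
Feb 16 16:49:40 fw1 fw: DENY in=eth0 proto=TCP src=10.1.2.3 dst=192.0.2.10 spt=4313 dpt=23
this line is garbage and must be skipped
Feb 16 16:49:41 fw1 fw: ACCEPT in=eth0 proto=TCP src=10.1.2.5 dst=192.0.2.12 spt=2020 dpt=443
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ \S+ "
    r"(?P<action>ACCEPT|DENY) in=\S+ proto=(?P<proto>TCP|UDP|ICMP) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) spt=(?P<spt>\d+) dpt=(?P<dpt>\d+)$"
)

# Small integer codes instead of repeating the same strings in every row.
ACTION_CODES = {"DENY": 0, "ACCEPT": 1}
PROTO_CODES = {"ICMP": 1, "TCP": 6, "UDP": 17}   # IANA protocol numbers

SCHEMA = """
CREATE TABLE action (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE proto  (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE event (
    ts     INTEGER NOT NULL,   -- seconds since the epoch (UTC)
    action INTEGER NOT NULL REFERENCES action(id),
    proto  INTEGER NOT NULL REFERENCES proto(id),
    src    INTEGER NOT NULL,   -- IPv4 address packed as a 32-bit integer
    dst    INTEGER NOT NULL,
    spt    INTEGER NOT NULL,
    dpt    INTEGER NOT NULL
);
CREATE INDEX event_action_dpt ON event(action, dpt);
"""


def parse_line(line, year=1999):
    """Return one event-table row for a matching line, or None for anything else.

    The syslog-style timestamp carries no year, so the caller supplies it."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp = f"{year} {m['mon']} {m['day']} {m['time']}"
    ts = calendar.timegm(time.strptime(stamp, "%Y %b %d %H:%M:%S"))
    return (
        ts,
        ACTION_CODES[m["action"]],
        PROTO_CODES[m["proto"]],
        int(ipaddress.IPv4Address(m["src"])),
        int(ipaddress.IPv4Address(m["dst"])),
        int(m["spt"]),
        int(m["dpt"]),
    )


def build_db(log_text, path=":memory:"):
    """Create the schema, bulk-load every parseable line, return (conn, loaded, skipped)."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO action VALUES (?, ?)",
                     [(code, name) for name, code in ACTION_CODES.items()])
    conn.executemany("INSERT INTO proto VALUES (?, ?)",
                     [(code, name) for name, code in PROTO_CODES.items()])
    rows, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        row = parse_line(line)
        if row is None:
            skipped += 1          # unparseable lines are counted, never silently lost
        else:
            rows.append(row)
    conn.executemany("INSERT INTO event VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn, len(rows), skipped


def top_denied_ports(conn, limit=5):
    """Most frequently denied destination ports as (port, count), busiest first."""
    return conn.execute(
        "SELECT dpt, COUNT(*) AS n FROM event WHERE action = ? "
        "GROUP BY dpt ORDER BY n DESC, dpt LIMIT ?",
        (ACTION_CODES["DENY"], limit),
    ).fetchall()


def denies_by_source(conn):
    """Denied connections per source, decoded back to dotted-quad for the reader."""
    rows = conn.execute(
        "SELECT src, COUNT(*) AS n FROM event WHERE action = ? GROUP BY src ORDER BY n DESC",
        (ACTION_CODES["DENY"],),
    ).fetchall()
    return [(str(ipaddress.IPv4Address(src)), n) for src, n in rows]


if __name__ == "__main__":
    conn, loaded, skipped = build_db(SAMPLE_LOG)
    print(f"loaded {loaded} events, skipped {skipped} unparseable lines")
    print("top denied ports:", top_denied_ports(conn))
    print("denies by source:", denies_by_source(conn))
```

The firewall keeps writing plain text at full speed; the import runs later, as a batch, and only the seven fields the queries need reach the database. Addresses and protocol names are stored as integers, which keeps rows small and makes the port and source aggregations index-friendly; the lookup tables let a report join the names back in when needed.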


