Firewall Wizards mailing list archives
Re: analyzing firewall logs in a database
From: "Matt McClung" <mmcclung () ndwcorp com>
Date: Thu, 18 Feb 1999 09:35:29 -0700
I have used a program called XaCCT which takes a firewall log file and simultaneously enters the data into a SQL or Oracle DB. The program has a GUI interface that lets you build queries on the dataset, which is really nice. Also, the program has a report generator and scheduler that allows you to set a report to be generated at a given time. I have the scheduler send me a daily report (done nightly) about traffic statistics, etc. VERY NICE. The only downfall is the cost. The application was expensive and required significant hardware for the DB server and mgt workstation.

Matt McClung, CCSA/CCSE
Net.Works Security Engineer
mmcclung () ndwcorp com

-----Original Message-----
From: Csiri <Csiri () katherine nepszabadsag hu>
To: Firewall-Wizards <firewall-wizards () nfr net>
Date: Wednesday, February 17, 1999 5:30 PM
Subject: Re: analyzing firewall logs in a database

-----Original Message-----
From: Don Turnbull <donturn () fis utoronto ca>
To: Firewall-wizards <firewall-wizards () nfr net>
Date: 16 February 1999 4:22
Subject: analyzing firewall logs in a database
Hi,

Being relatively new to working with firewalls (but learning a lot by listening to posts!), I'd like to ask if anyone has experience importing log files into a database for more sophisticated querying than current analysis programs (I'm thinking WebTrends, HitList, and Telemate). I know Raptor has a "flatten" utility, but am looking for battle stories about it or other tools that might be around.

thanks,
--
-------------------------
Don Turnbull
donturn () fis utoronto ca
http://donturn.fis.utoronto.ca/
Logging to a file is much better (so faster) than logging to a database (directly). If you have a good analyzer program it doesn't matter how the data is stored, but if you don't have spare disk space it's not a good idea to keep logfiles in their original form. If you have free capacity for that, I suggest making your own querying tool, based on your own designed database where only the wanted data gets in. Don't forget to store the data as briefly as you can. (E.g. you can store the request type as "GET", "POST", "HEAD", but you can store it as 0, 1, 2 too.) I know only WebTrends from the above analyzers; it's really stupid and very, very slow.

Bye
Csiri
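As an added illustration of the approach Csiri describes (this is not code from any poster in the thread): a small custom ingest that parses constructed sample firewall log lines, stores only the wanted fields with actions and protocols as small integer codes, and answers an ad hoc query from SQLite. The log line format, table layout and code values are assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample firewall log lines (not from the original thread); last line is malformed.
SAMPLE_LOG = """\
1999-02-17 10:01:02 accept tcp 10.0.0.5 192.0.2.10 80
1999-02-17 10:01:03 drop udp 10.0.0.7 192.0.2.53 53
1999-02-17 10:01:05 accept tcp 10.0.0.5 192.0.2.10 443
1999-02-17 10:01:09 reject tcp 10.0.0.9 192.0.2.22 22
1999-02-17 10:01:11 drop udp 10.0.0.7 192.0.2.53 53
this line is garbage
"""

# Store small integer codes instead of repeating strings in every row (assumed encoding).
ACTION_CODES = {"accept": 0, "drop": 1, "reject": 2}
PROTO_CODES = {"tcp": 6, "udp": 17, "icmp": 1}  # IANA protocol numbers

# Assumed log line format: "<date> <time> <action> <proto> <src> <dst> <dport>".
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<action>\w+) (?P<proto>\w+) "
                     r"(?P<src>[\d.]+) (?P<dst>[\d.]+) (?P<dport>\d+)$")

def parse_line(line):
    # Returns (ts, action_code, proto_code, src, dst, dport), or None for a line we cannot use.
    m = LINE_RE.match(line.strip())
    if not m or m["action"] not in ACTION_CODES or m["proto"] not in PROTO_CODES:
        return None  # unknown values are skipped, not stored as free text
    return (m["ts"], ACTION_CODES[m["action"]], PROTO_CODES[m["proto"]],
            m["src"], m["dst"], int(m["dport"]))

def load_log(text):
    # Parses the log into an in-memory SQLite table; returns (conn, rows_loaded, rows_skipped).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fwlog (ts TEXT, action INTEGER, proto INTEGER, "
                 "src TEXT, dst TEXT, dport INTEGER)")
    loaded = skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        conn.execute("INSERT INTO fwlog VALUES (?, ?, ?, ?, ?, ?)", rec)
        loaded += 1
    return conn, loaded, skipped

def denied_by_source(conn):
    # Sources ranked by dropped/rejected packets: the kind of ad hoc question a DB answers easily.
    return conn.execute("SELECT src, COUNT(*) FROM fwlog WHERE action IN (1, 2) "
                        "GROUP BY src ORDER BY COUNT(*) DESC, src").fetchall()
```

Malformed or unrecognised lines are counted and skipped rather than stored, so the skip count is worth watching as a signal that the log format changed.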