Firewall Wizards mailing list archives

Re: FW: Log Analysis tools list


From: Lance Spitzner <spitzner () dimension net>
Date: Fri, 30 Jul 1999 10:38:47 -0400 (EDT)

On Wed, 28 Jul 1999, Safier, Adam (GEIS) wrote:

Can anyone provide a list or point me to a site that lists commercial (not
freeware) Firewall Log Analysis tools for FW-1, Pix, and CISCO IOS?

I've just updated a goody you may be interested in, for FW-1.  It's a script
that works with FW-1 alert functions.  It detects when your systems are
being probed, alerts you, emails the admin of the remote system (optional),
and can even automatically block the probing source.  I've just put up
the latest version; the code is much cleaner and easier to read.  You can
also add your own modules/functions to this.

More at:
http://www.enteract.com/~lspitz/intrusion.html 



Here is what I got on an Altavista search.

Long list of tools for tracking web and other activity.  No firewall tools I
recognize.
http://www.egd.igd.fhg.de/~sandberg/loganalysis.html

The following has eval reports on 2 products:
http://www.cs.purdue.edu/coast/projects/tooleval/docs/firewall.html
Firewatch (Belcore)
Telemate.Net for Windows NT   http://www.telemate.net


And a review of firewall mailing lists:

Not for FW-1 - http://www.psionic.com/abacus/abacus_logcheck.html
WebTrends, HitList, Telemate, XaCCT

What ever happened to Haystack?

Tools such as Netcool seem to be missing from my searches.

Thanks,
Adam



Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
Internetworking & Security Engineer
Dimension Enterprises Inc


