Firewall Wizards mailing list archives
Re: Transfering off-system firewall audit trails
From: Lance Spitzner <spitzner () dimension net>
Date: Sat, 12 Jun 1999 10:53:52 -0400 (EDT)
On Thu, 10 Jun 1999, Steven W. Engle wrote:
> Can these firewalls
>
>   o Borderware
>   o Gauntlet
>   o Checkpoint Firewall-1
>   o Raptor
>
> transfer in "real-time" their audit trails to some other system (via 'syslogd' or something equivalent)?
>
> For those that have set up this type of functionality, what processes and/or automation are you performing on the recipient system to make use of the audit trails? What is/are the end result(s) of this processing / automation?
I can only speak for FW-1. You have two options for 'real-time' audit trailing.

One is using User Defined alerts to track and monitor scans, usages, etc. See http://www.enteract.com/~lspitz/intrusion.html

With this setup I receive emails/pages whenever the system is scanned, with all logs archived to a file.

Or, you can have alerts/logs pumped to syslogd with the /usr/ucb/logger command. You define this as your User Defined alert, and all alerts go through syslogd, which you can track with utilities such as swatch.

I have successfully used both options. If you would like more info, email me.

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
Internetworking & Security Engineer
Dimension Enterprises Inc
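An added example, not part of the original message and not code from its author or from any firewall vendor: a sketch of recipient-side processing for alerts that arrive through syslogd via logger, parsing the syslog lines and sending at most one notification per source address per time window. The tag `fw1-alert` (as set with logger's `-t` option), the `src=` field, the five-minute window and all sample lines are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# BSD syslog line as written by syslogd: "Mon DD HH:MM:SS host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# Assumed key=value field in the alert text; the real FW-1 alert layout is not on the page.
SRC_RE = re.compile(r"\bsrc=(?P<src>\S+)")

def parse(line, year=1999):
    """Split one syslog line into (timestamp, host, tag, message), or None if malformed."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    # Classic syslog timestamps carry no year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["tag"], m["msg"]

def watch(lines, tag="fw1-alert", window=timedelta(minutes=5)):
    """Return one (timestamp, source, message) notification per source per window."""
    last_sent = {}
    notifications = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != tag:
            continue  # malformed line or another program's log entry
        ts, _host, _tag, msg = rec
        m = SRC_RE.search(msg)
        src = m["src"] if m else "unknown"
        if src in last_sent and ts - last_sent[src] < window:
            continue  # throttled: this source was already reported recently
        last_sent[src] = ts
        notifications.append((ts, src, msg))
    return notifications

# Constructed sample lines (documentation addresses, made-up message text).
SAMPLE = [
    "Jun 12 10:50:01 fw1 fw1-alert: scan src=192.0.2.10 dst=198.51.100.5 service=telnet",
    "Jun 12 10:50:03 fw1 fw1-alert: scan src=192.0.2.10 dst=198.51.100.5 service=ftp",
    "Jun 12 10:50:09 fw1 sendmail[412]: unrelated daemon message",
    "Jun 12 10:52:30 fw1 fw1-alert: scan src=203.0.113.7 dst=198.51.100.5 service=smtp",
    "Jun 12 10:56:02 fw1 fw1-alert: scan src=192.0.2.10 dst=198.51.100.5 service=http",
]

if __name__ == "__main__":
    for ts, src, msg in watch(SAMPLE):
        print(f"{ts:%b %d %H:%M:%S} notify: {src}: {msg}")
```

Every line stays in the syslog file for the archive; the throttle only limits how often a mail or page would be sent for the same source.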