Firewall Wizards mailing list archives

Re: WebTrends Alternative


From: "Saravana Ram" <Ram () POP Jaring My>
Date: Wed, 24 Nov 1999 17:18:50 +0800

I think the most difficult aspect of this would be the question 'how do you
automate moving the logs off of the box' be it Windows NT, Solaris, Nokia, or
whatever platform Check Point's currently running on.  Network transfer from
the client-side implies some sort of listening service running on the firewall.
Bad.  I haven't looked into a viable cross-platform solution for this
firewall-side.  I've just continued to trudge through the logs with my Perl
script and my SQL server.

Instead of a logging device pulling the data from the FW box (which would
require a listening service on the FW), why don't you have the FW push logs to
a logging device (which would require a listening service on the logger not
the FW). Log data can be pushed in real time (continuously) or in batches
(poll at reasonable intervals).

If tossing log data around in the DMZ is considered too risky, then a serial
(as in RS-232) connection can be made from the FW to the logging device. This
pathway can't be hacked through unless the logging device is compromised.
Downside, the logging device and the FW have to be placed at the same site.
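
The batch-push arrangement described in the reply above, as an added example (not code from the original post or from any firewall product): the firewall opens an outbound connection and ships only the log lines written since the last acknowledged batch, so nothing listens on the firewall. The function names, the length-prefixed framing, the "OK" acknowledgement, the offset state file and MAX_BATCH are all assumptions made for illustration.

```python
import os
import socket
import struct

MAX_BATCH = 16 * 1024 * 1024  # assumed cap so a bad length prefix cannot exhaust memory

def recv_exact(sock, n):  # read exactly n bytes or raise
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full message arrived")
        buf += chunk
    return buf

def push_new_lines(sock, log_path, state_path):
    """Firewall side: send whole log lines added since the last acknowledged push."""
    offset = 0
    if os.path.exists(state_path):
        with open(state_path) as f:
            offset = int(f.read().strip() or 0)
    if os.path.getsize(log_path) < offset:  # log was rotated or truncated
        offset = 0
    with open(log_path, "rb") as f:
        f.seek(offset)
        data = f.read(MAX_BATCH)
    data = data[: data.rfind(b"\n") + 1]  # hold back a half-written last line
    if not data:
        return 0
    sock.sendall(struct.pack("!I", len(data)) + data)  # assumed framing: length, then data
    if recv_exact(sock, 2) != b"OK":
        raise ConnectionError("logger did not acknowledge the batch")
    with open(state_path, "w") as f:  # advance the checkpoint only after the ack
        f.write(str(offset + len(data)))
    return len(data)

def ship(logger_addr, log_path, state_path):
    with socket.create_connection(logger_addr, timeout=10) as s:  # outbound only
        return push_new_lines(s, log_path, state_path)

def receive_batch(conn, archive_path):
    """Logger side: accept one length-prefixed batch, append it, then acknowledge."""
    (length,) = struct.unpack("!I", recv_exact(conn, 4))
    if length > MAX_BATCH:
        raise ValueError("batch larger than MAX_BATCH")
    data = recv_exact(conn, length)
    with open(archive_path, "ab") as f:
        f.write(data)
    conn.sendall(b"OK")
    return length
```

On the logger, receive_batch is called on each connection accepted by its listening socket, while the firewall runs ship at whatever interval suits. As written the link carries no authentication or encryption, so it belongs inside a protected channel.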


