Firewall Wizards mailing list archives
Re: Reading firewall logs
From: Lance Spitzner <lance () spitzner net>
Date: Thu, 27 Apr 2000 06:47:53 -0500 (CDT)
On Wed, 26 Apr 2000, Alex Lim wrote:
I am hoping to hear some enlightening comments on reading firewall logs. I am curious if people are actually doing it or if there is some kind of tool that we can buy off the shelf. I don't think it's productive or efficient to ask an employee to spend a few hours reading the logs just to look out for anomalies. Anyone care to comment? BTW I am referring to the Checkpoint FW-1 logs.
I've customized FW-1 logs to alert me whenever I need to review my logs for specific events, such as when my network is probed or unauthorized events happen. These alerts tell me that something odd is happening and that I need to review the logs in greater detail. This saves me the time of having to manually look through the log file for the specific events.

http://www.enteract.com/~lspitz/intrusion.html

Hope that helps :)

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html