Firewall Wizards mailing list archives

Re: Reading firewall logs


From: Dominik Miklaszewski <dmikey () uswest net>
Date: Thu, 27 Apr 2000 19:02:32 -0500

Alex Lim wrote:

Hi,

I am hoping to hear some enlightening comments on reading firewall logs.
I am curious if people are actually doing it or is there some kind of
tools that we can buy off the shelf. I don't think it's productive or
efficient to ask an employee to spend a few hours reading the logs just
to look out for anomalies.

Anyone care to comment? BTW I am referring to the Checkpoint FW-1 logs.

TIA
Alex Lim

1. Use the FW-1 export feature
2. ftp/scp the flat files to a backyard box
3. Parse the flat file with awk/grep/sed/perl
4. Optionally use MySQL (on the backyard box)
5. Do the reports you want with perl/CGI through Apache
6. Restrict the access
7. Impress people ;)

Looks like a job, but what fun! :)

cheers,
Dominik
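Steps 1 to 3 of the recipe above, as an added example that is not Dominik's or Alex's code: a small POSIX shell/awk script that takes an FW-1 export file (assumed here to be the semicolon-delimited, header-first format that `fw logexport` writes; the column names in the constructed sample approximate an FW-1 4.x header and are an assumption, which is why the script resolves columns by name from the header line instead of hard-coding positions) and pulls out the two things a human would otherwise spend hours scanning for: sources with many dropped/rejected connections, and sources that were blocked against many distinct services (a port-scan indicator). The sample log lines are constructed, not real traffic.

```shell
#!/bin/sh
# Added example (not from the original thread): summarise an FW-1 logexport
# flat file with awk, looking columns up by header name.

# Constructed sample export. Header names approximate an FW-1 4.x
# "fw logexport" header; this is an assumption, so the functions below
# never rely on fixed column positions.
SAMPLE_LOG='num;date;time;orig;type;action;alert;i/f_name;i/f_dir;proto;src;dst;service;s_port;len;rule
1;27Apr2000;18:55:01;fw1;log;accept;;le0;inbound;tcp;10.1.1.5;192.168.0.10;http;34012;;3
2;27Apr2000;18:55:03;fw1;log;drop;;le0;inbound;tcp;203.0.113.7;192.168.0.10;telnet;2001;;20
3;27Apr2000;18:55:03;fw1;log;drop;;le0;inbound;tcp;203.0.113.7;192.168.0.10;ftp;2002;;20
4;27Apr2000;18:55:04;fw1;log;drop;;le0;inbound;tcp;203.0.113.7;192.168.0.10;smtp;2003;;20
5;27Apr2000;18:55:04;fw1;log;drop;;le0;inbound;tcp;203.0.113.7;192.168.0.10;pop-3;2004;;20
6;27Apr2000;18:55:09;fw1;log;accept;;le0;inbound;tcp;10.1.1.5;192.168.0.10;http;34013;;3
7;27Apr2000;18:56:12;fw1;log;drop;;le0;inbound;udp;198.51.100.9;192.168.0.10;snmp;1040;;20
8;27Apr2000;18:57:30;fw1;log;drop;;le0;inbound;udp;198.51.100.9;192.168.0.10;snmp;1041;;20
9;27Apr2000;18:58:00;fw1;log;reject;;le0;inbound;tcp;10.1.1.8;192.168.0.11;rlogin;5050;;12'

# write_sample FILE : write the constructed export to FILE (stands in for
# the scp'd flat file on the backyard box).
write_sample() {
    printf '%s\n' "$SAMPLE_LOG" > "$1"
}

# blocked_counts FILE : print "<count> <src>" for every source that had
# connections dropped or rejected, most-blocked first.
blocked_counts() {
    awk -F';' '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }   # map header -> index
    ($(col["action"]) == "drop" || $(col["action"]) == "reject") {
        blocked[$(col["src"])]++
    }
    END { for (s in blocked) print blocked[s], s }
    ' "$1" | sort -rn
}

# noisy_sources FILE THRESHOLD : sources with at least THRESHOLD blocked
# connections, one address per line.
noisy_sources() {
    blocked_counts "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# scan_candidates FILE MINSERVICES : print "<distinct services> <src>" for
# sources blocked against at least MINSERVICES different services. Repeated
# hits on one service (e.g. a chatty SNMP poller) do not count as a scan.
scan_candidates() {
    awk -F';' -v min="$2" '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
    ($(col["action"]) == "drop" || $(col["action"]) == "reject") {
        key = $(col["src"]) SUBSEP $(col["service"])
        if (!(key in seen)) { seen[key] = 1; nsvc[$(col["src"])]++ }
    }
    END { for (s in nsvc) if (nsvc[s] >= min) print nsvc[s], s }
    ' "$1" | sort -rn
}

# Stand-alone demo against the constructed sample.
DEMO_LOG="${TMPDIR:-/tmp}/fw1-export.$$"
write_sample "$DEMO_LOG"
echo "Blocked connections per source:"
blocked_counts "$DEMO_LOG"
echo "Sources with >= 3 blocked connections:"
noisy_sources "$DEMO_LOG" 3
echo "Possible scanners (>= 3 distinct services blocked):"
scan_candidates "$DEMO_LOG" 3
rm -f "$DEMO_LOG"
```

On a real export the same three functions run unchanged on the file scp'd from the firewall; the thresholds are the knobs to tune per site, and the per-source counts are exactly what you would load into the optional MySQL table for the Apache/CGI reports in the later steps.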
