Firewall Wizards mailing list archives
Re: Reading firewall logs
From: Dominik Miklaszewski <dmikey () uswest net>
Date: Thu, 27 Apr 2000 19:02:32 -0500
Alex Lim wrote:
Hi,

I am hoping to hear some enlightening comments on reading firewall logs. I am curious if people are actually doing it or is there some kind of tools that we can buy off the shelf. I dun think it's productive or efficient to ask an employee to spend a few hours reading the logs just to look out for anomalies. Anyone care to comment? BTW I am referring to the Checkpoint FW-1 logs.

TIA
Alex Lim
1. Use fw-1 export feature
2. ftp/scp/ flat files to a backyard box
3. Parse the flat file with awk/grep/sed/perl
4. Optionally may use MySQL <on the backyard box>
5. Do reports you want with perl/CGI through Apache
6. Restrict the access
7. Impress people ;)

Looks like a job, but what fun! :)

cheers,
Dominik
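One way to do the parse-and-report steps from the reply above with awk, as an added example that is not part of the original post or of Check Point's tooling. The `;` delimiter, the header line and the column names (`action`, `src`, `dst`, `service`) are assumptions about the exported flat file, the function names are hypothetical, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example, not code from the post. Assumed export layout: one header
# line naming the columns, ';' as delimiter, columns action/src/dst/service.

# Shared awk prologue: map header names to positions, keep only drop/reject rows.
HDR='{ sub(/\r$/, "") }                        # tolerate CRLF exports
NR == 1 { for (i = 1; i <= NF; i++) c[$i] = i
          a = c["action"]; s = c["src"]; d = c["dst"]; v = c["service"]
          if (!a || !s || !d || !v) { print "unexpected header" | "cat 1>&2"; exit 2 }
          next }
NF < a || NF < s || NF < d || NF < v { next }  # skip truncated lines
$a != "drop" && $a != "reject" { next }'

# top_dropped FILE [N]: the N busiest "count src service" lines among denied traffic.
top_dropped() {
    awk -F';' "$HDR"' { n[$s " " $v]++ }
        END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2 | head -n "${2:-10}"
}

# scan_suspects FILE [MIN]: sources denied on at least MIN distinct dst/service pairs.
scan_suspects() {
    awk -F';' -v min="${2:-3}" "$HDR"'
        !(($s, $d, $v) in seen) { seen[$s, $d, $v] = 1; t[$s]++ }
        END { for (k in t) if (t[k] >= min) print t[k], k }' "$1" | sort -k1,1nr -k2
}

# make_sample FILE: write a constructed export (documentation addresses only).
make_sample() {
    cat > "$1" <<'EOF'
num;date;time;orig;type;action;alert;i/f_name;i/f_dir;proto;src;dst;service;s_port
0;26Apr2000;10:00:01;fw1;log;accept;;hme0;inbound;tcp;198.51.100.7;192.0.2.10;http;1025
1;26Apr2000;10:00:02;fw1;log;drop;;hme0;inbound;tcp;203.0.113.5;192.0.2.10;telnet;2001
2;26Apr2000;10:00:03;fw1;log;drop;;hme0;inbound;tcp;203.0.113.5;192.0.2.10;ftp;2002
3;26Apr2000;10:00:04;fw1;log;drop;;hme0;inbound;tcp;203.0.113.5;192.0.2.11;telnet;2003
4;26Apr2000;10:00:05;fw1;log;drop;;hme0;inbound;tcp;203.0.113.5;192.0.2.10;telnet;2004
5;26Apr2000;10:00:06;fw1;log;reject;;hme0;inbound;tcp;198.51.100.7;192.0.2.10;smtp;1026
6;26Apr2000;10:00:07;fw1;log;dr
EOF
}

# Run with --demo to print both reports for the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp); make_sample "$f"
    top_dropped "$f"; scan_suspects "$f"; rm -f "$f"
fi
```

Because the columns are looked up by name in the header, the same functions keep working if the export adds or reorders fields; only the delimiter and the four names need to match.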