Firewall Wizards mailing list archives
Re: Event management
From: Chris Trudeau <chris () ctrudeau dyndns org>
Date: Mon, 21 Aug 2000 07:38:35 -0400
Yes, security alerts are important too. However, both products I believe have facilities to log to standard syslog daemons. I know the Axent firewalls do (their standard logging functions are in clear text, so scraping these logs out of syslog will work). Checkpoint is a different story... ideas... and thanks for the input for system level alerts...

Chris

Magosányi Árpád wrote:
> My mailer believes that Chris Trudeau wrote the following:
>
> > All,
> >
> > Looking for an effective means to provide real-time (or as close as possible) monitoring and event management for security devices....
> >
> > Requirements:
> >
> > A=firewall B=management console
> >
> > *Traffic from A-->B MUST be encrypted (@ least 3DES)
> > *Must be portable to Linux and Solaris (Probably no problem)
> > *Agent/Console IS acceptable
> > *Must provide for Disk utilization, CPU utilization, Temp alerts (if available), swap utilization and other OS level alerts
> > *Must be vendor Neutral (support multiple firewall vendors-specifically Axent/Checkpoint)
> >
> > I know there are commercial packages out there, but I only need to initially implement for a small number. If this list is monitored by vendor representatives who want to do a demo, contact me. The potential is considerably larger.
>
> If we are talking about only the event handling connected to operation management (and not security related alerts), the following scheme seems to work:
>
> All devices run some scripts from cron, which checks the system health of the system. The output of the script is (through the stdin of ssh) sent to the health monitoring station (which is protected on the level of intranet; untrusted operators should look at the results, no one can operate on the firewalls from that station). On the monitoring station there is a Netsaint, which can be looked at through http(s). It can be extended by all bells-and-whistles of netsaint: bells, 3D, independent backup stations, and (this has the best hacque level for me, although have no real use unless one cannot see) alerts told by the computer with festival speech synthesizer system.
>
> The above meets all the above specified criteria, but we have not talked about the real question: security alerts.
>
> --
> GNU GPL: only from a clean source
--
Chris Trudeau
chris () ctrudeau dyndns org
_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
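The cron-and-ssh scheme described in the quoted message, sketched as an added example that is not code from the thread or from either poster: a health script that turns `df -P` output into one status line per filesystem and, only when asked, pipes the report to the monitoring station on ssh's stdin. The account name, thresholds, tab-separated line format and the `--send` switch are assumptions, and the `df` sample is constructed.

```shell
#!/bin/sh
# Health report for one firewall, run from cron and piped to the monitoring
# station over ssh. Host, thresholds and line format are assumptions.
MONITOR="health@monitor.example.net"   # hypothetical monitoring account
WARN=80; CRIT=90                       # percent-used thresholds (assumed)

# Map a percentage to a plugin-style state: 0 OK, 1 WARNING, 2 CRITICAL.
# Non-numeric input yields 3 (UNKNOWN) instead of being treated as OK.
state_for() {
    case "$1" in ''|*[!0-9]*) echo 3; return ;; esac
    if [ "$1" -ge "$CRIT" ]; then echo 2
    elif [ "$1" -ge "$WARN" ]; then echo 1
    else echo 0; fi
}

# Turn `df -P` output (stdin) into "host<TAB>service<TAB>state<TAB>text" lines.
disk_report() {
    host=$1
    awk 'NR > 1 { sub(/%/, "", $5); print $5, $6 }' |
    while read -r pct mount; do
        printf '%s\tdisk:%s\t%s\t%s%% used\n' \
            "$host" "$mount" "$(state_for "$pct")" "$pct"
    done
}

# Highest state found in a report (stdin), for a one-glance summary.
worst_state() {
    awk -F '\t' 'BEGIN { w = 0 } $3 > w { w = $3 } END { print w }'
}

# Constructed sample of `df -P` output for dry runs.
sample_df() {
    cat <<'EOF'
Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sda1 1000000 500000 500000 50% /
/dev/sda2 1000000 850000 150000 85% /var
/dev/sda3 1000000 950000 50000 95% /var/log
EOF
}

# Only with --send does the script touch the network. BatchMode keeps a cron
# run from hanging on a password prompt if the key is missing.
if [ "${1:-}" = "--send" ]; then
    df -P | disk_report "$(hostname)" |
        ssh -o BatchMode=yes "$MONITOR" 'cat >> health.log'
fi
```

On the station, the key the firewalls use can be restricted in `authorized_keys` with a forced `command=` plus `no-pty` and `no-port-forwarding`, so that key can only deliver reports.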