Re: Event management

[Chris Trudeau <chris () ctrudeau dyndns org>]

Yes, security alerts are important too. However both products I believe
have facilities to log to standard syslog daemons.  I know the Axent
firewalls do (thier standard logging funtions are in clear test, so
scraping these logs out of syslog will work)

Checkpoint is a different story...

ideas...

and thanks for the input for system level alerts...

Chris

Magosányi Árpád wrote:
> A levelezõm azt hiszi, hogy Chris Trudeau a következõeket írta:
> > All,
> >
> > Looking for an effective means to provide real-time (or as close as
> > possible) monitoring and event management for security devices....
> >
> > Requirements:
> >
> > A=firewall   B=management console
> >
> > *Traffic from A-->B MUST be encrypted (@ least 3DES)
> > *Must be prtable to Linux and Solaris (Probably no problem)
> > *Agent/Console IS acceptable
> > *Must provide for DIsk utilization, CPU utilization, Temp alerts (if
> > available),
> > swap utilization and other OS level alerts
> > *Must be vendor Neutral (support multiple firewall vendors-specifically
> > Axent/Checkpoint)
> >
> > I know there are commercial packages out there, but I only need to
> > initially implement for a small number.  If this list is monitored by
> > vendor representatives who want to do a demo, contact me.  The potential
> > is considerably larger.
>
> If we are talking about only the event handling connected to operation
> management (and not security related alerts), the following scheme seems to
> work:
>
> All devices run some scripts from cron, which checks the system health
> of the system.
> The output of the script is (through the stdin of ssh) sent to the health
> monitoring station (which is protected on the level of intranet; untrusted
> operators should look at the results, no one can operate on the firewalls
> from that station).
> On the monitoring station there is a Netsaint, which can be looked at through
> http(s).
> It can be extended by all bells-and-whistles of netsaint: bells, 3D, independent
> backup stations, and (this has the best hacque level for me, although have no
> real use unless one cannot see) alerts told by the computer with festival speech
> synthesizer system>
>
> The above meets all the above specified criteria, but we have not talked
> about the real question: security alerts.
>
> --
> GNU GPL: csak tiszta forrásból

-- 
Chris Trudeau
chris () ctrudeau dyndns org

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards