Firewall Wizards mailing list archives

Re: Firewall Log Analysis


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 14 Jan 2000 09:43:14 -0600 (CST)


Someone, I think either from bugtraq, or the other firewalls list,
released code they were working on for a 'secure syslog' protocol for such
a situation as this.  The work was unfinished, to clarify.  Let me see if
I can find the links here...hold..:

Yes, from his posting, bugtraq:

I've placed an online archive of the source at
http://www.w00w00.org/files/SRS and the full, original source is available
at http://www.w00w00.org/files/SRS.tgz.  This code hasn't been changed in
over a year, and the original comments, TODOs, READMEs, etc. are all still
there.

                From: Matt Conover <shok () CANNABIS DATAFORCE NET>


Thanks,

Ron DuFresne


On Thu, 13 Jan 2000 VN_Sabarinath () satyam-infoway com wrote:




Hello,

I administer 5 remote firewalls and wish to do separate centralized analysis of
the logfiles to generate custom reports.

To get the log files, I propose to regularly FTP the files (in zipped version,
once a day, automatically) from the firewalls to a centralised machine. This
machine runs log analysis software.  The report may be FTP'ed back or put up on
a website.

1) Are there any better approaches to do this?

2) We currently use Webtrends for firewalls and VPN's.  Is there an unlimited
license version for this product? (We are an ISP).

3) Can you suggest other log analysis software?

Thanks/Regards

VN Sabarinath





-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!




