Firewall Wizards mailing list archives

Re: Reading firewall logs


From: "Talisker" <Talisker () technologist com>
Date: Mon, 1 May 2000 14:53:22 +0100

Alex

I've been looking at CMDS from ods.com (now intrusion.com). My first
impressions are good; I know it accepts logs from Cisco routers and FW-1 as
well as NT and Solaris.  I haven't tried it on the former yet.  Might I
suggest you download an eval and give it a whirl?  If you do, let me know
your feelings on the product.  I have a bit more info on my website at
www.internations.net/uk/talisker; look for Host based IDS, it's in there,
though please bear in mind that the info is from the vendor from before I
started looking at it.


The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.





----- Original Message -----
From: Alex Lim <mwlalex () magix com sg>
To: fwz <firewall-wizards () nfr net>
Sent: Wednesday, April 26, 2000 4:21 AM
Subject: [fw-wiz] Reading firewall logs


Hi,

I am hoping to hear some enlightening comments on reading firewall logs.
I am curious if people are actually doing it or if there is some kind of
tool that we can buy off the shelf. I don't think it's productive or
efficient to ask an employee to spend a few hours reading the logs just
to look out for anomalies.

Anyone care to comment? BTW, I am referring to the Checkpoint FW-1 logs.

TIA
Alex Lim




