Firewall Wizards mailing list archives

RE: Reading firewall logs


From: "SIU Credit Union IS Dept" <isdept () cecc net>
Date: Wed, 3 May 2000 16:22:55 -0500


Our site uses the PrivateI application by OpenSystems. It does 
have a few bugs, at least in our implementation, but generally 
speaking, it is a good syslog management and "light" IDS type of 
system. It records and parses the syslog stream and allows 
various types of summary and detail reporting. It also features a 
"watchdog" component that scans the incoming syslog for filters 
and conditions that you specify and provides visual, audio, and 
email alerting of these conditions. It does not take long to sort 
through the logs with a properly configured filter for your specific 
site security policy.

PrivateI works for NT and for Solaris.

It's taken some fine tuning to weed out the extraneous noise and 
legitimate traffic from traffic that appears to be hostile or 
exceptional (indicating some network or client misconfiguration, for 
instance). I've also used a grep-like utility to exclude normal
traffic (to the best of my understanding) from my web server logs 
and report only the exceptional or suspicious activity.

Good day,
Curt Wilson
SIU Credit Union IS Dept
Network Manager
isdept () cecc net

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
SIU Credit Union Information Services Department
Serving the technology needs of our members and employees
(618) 549-3636 mailto:isdept () cecc net  http://www.siucu.org
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
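The "exclude the normal, report the rest" approach the post describes for web server logs, written out as a small Python filter. This is an added example, not code from the post or from the PrivateI product; the log lines, the hostnames and the list of "normal" paths are constructed here for a hypothetical site and would need to be replaced with a real site's own policy. The one detail worth copying is that a request is only dropped when method, path and status all look routine, so a 404 or 500 against an otherwise normal path still surfaces, which is how misconfigured clients and probes for missing files show up.

```python
"""Negative-filter a web server access log: drop traffic that matches
known-normal patterns and report everything else for review.

Added example, not code from the original post. The log lines, the
"normal" patterns and the sample addresses below are constructed.
"""
import re
from collections import Counter

# Apache/NCSA combined log format: client, ident, user, time,
# request line, status, bytes, then optional referer and user-agent.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)

# Hypothetical site policy: what a routine request to this site looks like.
# A line is dropped only if the path matches one of these AND the method
# and status are also routine; everything else is reported.
NORMAL_PATHS = [
    re.compile(r'^/$'),
    re.compile(r'^/index\.html$'),
    re.compile(r'^/images/[\w.-]+\.(gif|jpg|png)$'),
    re.compile(r'^/rates/[\w-]+\.html$'),
]
NORMAL_METHODS = {"GET", "HEAD"}


def parse_line(line):
    """Return a dict of fields, or None when the line is not in the
    expected format. Unparseable lines are reported, never dropped."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def is_normal(rec):
    """A request is normal when method, path and status all look routine.
    Any 4xx/5xx is kept for review even on an otherwise normal path."""
    if rec["method"] not in NORMAL_METHODS:
        return False
    if not rec["status"].startswith(("2", "3")):
        return False
    return any(p.match(rec["path"]) for p in NORMAL_PATHS)


def filter_log(lines):
    """Split log lines into (suspicious records, unparseable raw lines)."""
    suspicious, unparseable = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparseable.append(line)
        elif not is_normal(rec):
            suspicious.append(rec)
    return suspicious, unparseable


def summarize(suspicious):
    """Count suspicious requests per client so the noisiest sources are
    reviewed first."""
    return Counter(r["client"] for r in suspicious)


# Constructed sample: two routine hits, a traversal attempt, a probe for a
# CGI script, a POST to a static page, a routine conditional GET, and a
# line that is not a log entry at all.
SAMPLE_LOG = """\
192.0.2.10 - - [03/May/2000:16:01:12 -0500] "GET / HTTP/1.0" 200 2326 "-" "Mozilla/4.7"
192.0.2.10 - - [03/May/2000:16:01:13 -0500] "GET /images/logo.gif HTTP/1.0" 200 1043 "http://www.example.org/" "Mozilla/4.7"
198.51.100.7 - - [03/May/2000:16:02:40 -0500] "GET /../../etc/passwd HTTP/1.0" 404 312 "-" "-"
198.51.100.7 - - [03/May/2000:16:02:41 -0500] "GET /cgi-bin/test-cgi HTTP/1.0" 404 298 "-" "-"
203.0.113.5 - - [03/May/2000:16:03:02 -0500] "POST /index.html HTTP/1.0" 200 2326 "-" "Mozilla/4.7"
192.0.2.11 - - [03/May/2000:16:03:30 -0500] "GET /rates/savings.html HTTP/1.0" 304 0 "-" "Mozilla/4.7"
garbage line that is not a log entry
"""

if __name__ == "__main__":
    sus, bad = filter_log(SAMPLE_LOG.splitlines())
    for r in sus:
        print(f'{r["client"]} {r["method"]} {r["path"]} -> {r["status"]}')
    for line in bad:
        print("UNPARSEABLE:", line)
    print("per-client counts:", dict(summarize(sus)))
```

Run against a real access log, the same three functions apply unchanged; only NORMAL_PATHS and NORMAL_METHODS encode the site policy, and tightening them is the "fine tuning" the post refers to. Keeping the unparseable lines in a separate list matters: a line the regex does not match is either a log format change or something injected into the log, and both deserve a look rather than a silent drop.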


