Firewall Wizards mailing list archives
RE: Reading firewall logs
From: "SIU Credit Union IS Dept" <isdept () cecc net>
Date: Wed, 3 May 2000 16:22:55 -0500
Our site uses the PrivateI application by OpenSystems. It does have a few bugs, at least in our implementation, but generally speaking, it is a good syslog management and "light" IDS type of system. It records and parses the syslog stream and allows various types of summary and detail reporting. It also features a "watchdog" component that scans the incoming syslog for filters and conditions that you specify and provides visual, audio, and email alerting of these conditions. It does not take long to sort through the logs with a properly configured filter for your specific site security policy. PrivateI works for NT and for Solaris.

It's taken some fine tuning to weed out the extraneous noise and legitimate traffic from traffic that appears to be hostile or exceptional (indicating some network or client misconfiguration, for instance).

I've also used a grep-like utility to exclude normal traffic (to the best of my understanding) from my web server logs and report only the exceptional or suspicious activity.

Good day,
Curt Wilson
SIU Credit Union IS Dept
Network Manager
isdept () cecc net

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
SIU Credit Union Information Services Department
Serving the technology needs of our members and employees
(618) 549-3636
mailto:isdept () cecc net
http://www.siucu.org
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
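
The exclusion approach the message describes for web server logs, as an added example that is not part of the original post or of any product it mentions: known-normal requests are filtered out with grep and whatever remains is counted per client. The patterns, function names and log lines are constructed, and Common Log Format is assumed.

```shell
#!/bin/sh
# Added example (not from the original message). All patterns and log lines
# are constructed; the log format is assumed to be Common Log Format.

# Requests this hypothetical site treats as normal: one extended regex per line.
# Each pattern pins method, path shape AND status, so a normal path that
# returns an unusual status is still reported.
normal_patterns() {
cat <<'EOF'
"GET /(index\.html)? HTTP/1\.[01]" 200 [0-9-]+$
"GET /(images|css)(/[A-Za-z0-9_-]+)+\.(gif|jpg|css) HTTP/1\.[01]" (200|304) [0-9-]+$
"GET /favicon\.ico HTTP/1\.[01]" (200|404) [0-9-]+$
EOF
}

# Constructed sample input (documentation address ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [03/May/2000:10:00:01 -0500] "GET / HTTP/1.0" 200 5120
192.0.2.10 - - [03/May/2000:10:00:02 -0500] "GET /images/logo.gif HTTP/1.0" 200 2048
192.0.2.10 - - [03/May/2000:10:00:02 -0500] "GET /css/site.css HTTP/1.0" 304 -
198.51.100.7 - - [03/May/2000:10:02:11 -0500] "GET /cgi-bin/unknown.cgi HTTP/1.0" 404 210
198.51.100.7 - - [03/May/2000:10:02:12 -0500] "GET /index.html HTTP/1.0" 500 0
203.0.113.5 - - [03/May/2000:10:05:40 -0500] "GET /favicon.ico HTTP/1.0" 404 210
203.0.113.5 - - [03/May/2000:10:05:41 -0500] "POST /index.html HTTP/1.0" 405 0
EOF
}

# Print only the lines that match none of the normal patterns.
exceptions() {
    # grep exits 1 when every line was normal; that is not an error here.
    grep -E -v -e "$(normal_patterns)" || true
}

# Count exceptional requests per client, busiest client first.
summarize() {
    exceptions | awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

sample_log | exceptions   # the lines worth a human look
sample_log | summarize    # who generated them
```

Because the list describes what is normal rather than what is hostile, anything not anticipated shows up in the report by default, and tuning consists of adding patterns for traffic that has been reviewed and judged legitimate.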