Firewall Wizards mailing list archives
Re: Syslog monitoring and usage.
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Tue, 13 Jul 2004 10:16:16 -0400
Chad Thomsen wrote:
I am trying to learn the ins and outs of using Syslog. I am at my second job where I have installed and configured another Pix, but have never really got into Syslog. I am currently using the KIWI syslog daemon. I would like to better find out what the messages mean, and how to track down port scans and other security-related issues that syslog may reveal. To sum it up, I want to be able to have a good understanding of a log file that comes from a Pix.
There are dictionaries for Pix log messages on cisco.com, which makes the Pix a whole lot easier for log analysis than most products out there. Figuring out what's important or not is hard. :( It's somewhat site-dependent, as well. You're on the right track, using Kiwi, and at least you're DOING something with your logs instead of ignoring them like most people do.

http://www.loganalysis.org is a site Tina Bird and I put together and maintain about log analysis stuff; there's a good amount of information there and some nice link-farms. I need to update the teaching schedule info. ;) I will be teaching a class on log analysis at USENIX, and SANS in New Orleans and Vegas.

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
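As an added illustration of the two points above (look the message IDs up in the Pix dictionary, then decide what matters for your site), here is a small Python script that is not part of the original thread or of any Cisco tool. It parses constructed syslog lines written in the shape of the Pix access-list deny message (%PIX-4-106023, "Deny proto src if:ip/port dst if:ip/port by access-group name"; the message format is my assumption, the hosts, ports and ACL name are made up) and flags sources that look like port scans: one source hitting many ports on one host (vertical scan) or one port across many hosts (horizontal sweep). The thresholds are arbitrary and, as Marcus says, site-dependent.

```python
import re
from collections import defaultdict

# Constructed sample input (not real Pix output). The deny lines follow the
# %PIX-4-106023 format as I understand it; one unrelated "Built connection"
# line is mixed in to show that the parser only picks up the deny messages.
SAMPLE_LOG = """\
Jul 13 10:01:02 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40001 dst inside:192.0.2.10/21 by access-group "outside_in"
Jul 13 10:01:02 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40002 dst inside:192.0.2.10/22 by access-group "outside_in"
Jul 13 10:01:03 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40003 dst inside:192.0.2.10/23 by access-group "outside_in"
Jul 13 10:01:03 pix %PIX-6-302013: Built outbound TCP connection 4711 for outside:198.51.100.20/80 to inside:192.0.2.50/33000
Jul 13 10:01:03 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40004 dst inside:192.0.2.10/25 by access-group "outside_in"
Jul 13 10:01:04 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40005 dst inside:192.0.2.10/80 by access-group "outside_in"
Jul 13 10:01:04 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40006 dst inside:192.0.2.10/443 by access-group "outside_in"
Jul 13 10:02:10 pix %PIX-4-106023: Deny tcp src outside:198.51.100.9/5123 dst inside:192.0.2.1/445 by access-group "outside_in"
Jul 13 10:02:10 pix %PIX-4-106023: Deny tcp src outside:198.51.100.9/5124 dst inside:192.0.2.2/445 by access-group "outside_in"
Jul 13 10:02:11 pix %PIX-4-106023: Deny tcp src outside:198.51.100.9/5125 dst inside:192.0.2.3/445 by access-group "outside_in"
Jul 13 10:02:11 pix %PIX-4-106023: Deny tcp src outside:198.51.100.9/5126 dst inside:192.0.2.4/445 by access-group "outside_in"
Jul 13 10:02:12 pix %PIX-4-106023: Deny tcp src outside:198.51.100.9/5127 dst inside:192.0.2.5/445 by access-group "outside_in"
Jul 13 10:05:00 pix %PIX-4-106023: Deny tcp src outside:192.0.2.50/51000 dst inside:192.0.2.10/80 by access-group "outside_in"
"""

# Field layout of the 106023 deny message (assumed; the ACL name may or may
# not be quoted depending on software version, so the quotes are optional).
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "?(?P<acl>[^"\s]+)"?'
)


def parse_denies(text):
    """Return one dict per 106023 deny line; every other message is ignored."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["sport"] = int(ev["sport"])
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def find_scanners(events, port_threshold=5, host_threshold=5):
    """Group denied connections by source address and classify the source.

    vertical:   >= port_threshold distinct destination ports were denied
    horizontal: >= host_threshold distinct destination hosts were denied
    Returns {src: (kind, distinct_hosts, distinct_ports)} for flagged sources.
    """
    ports_by_src = defaultdict(set)
    hosts_by_src = defaultdict(set)
    for ev in events:
        ports_by_src[ev["src"]].add(ev["dport"])
        hosts_by_src[ev["src"]].add(ev["dst"])

    findings = {}
    for src in ports_by_src:
        n_ports = len(ports_by_src[src])
        n_hosts = len(hosts_by_src[src])
        if n_ports >= port_threshold:
            findings[src] = ("vertical", n_hosts, n_ports)
        elif n_hosts >= host_threshold:
            findings[src] = ("horizontal", n_hosts, n_ports)
    return findings


if __name__ == "__main__":
    for src, (kind, hosts, ports) in find_scanners(parse_denies(SAMPLE_LOG)).items():
        print(f"{src}: {kind} scan, {hosts} host(s), {ports} port(s)")
```

On the constructed input, 203.0.113.7 is reported as a vertical scan of 192.0.2.10 and 198.51.100.9 as a horizontal sweep of port 445, while the single deny from 192.0.2.50 is left alone. In a Kiwi setup the same logic would run over the exported text files; the thresholds are the part you tune per site, and the first thing to do with any unfamiliar message ID is still to look it up in the Cisco dictionary rather than guess.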
Current thread:
- Syslog monitoring and usage. Chad Thomsen (Jul 13)
- Re: Syslog monitoring and usage. Chris Todd (Jul 15)
- Re: Syslog monitoring and usage. Marcus J. Ranum (Jul 15)
- Re: Syslog monitoring and usage. Josh Welch (Jul 15)
- Re: Syslog monitoring and usage. Greg Skouby (Jul 15)
- Traffic generating tool survey David Lang (Jul 19)
- RE: Traffic generating tool survey lordchariot (Jul 19)
- Traffic generating tool survey David Lang (Jul 19)
- Re: Syslog monitoring and usage. Ng Pheng Siong (Jul 15)
- Re: Syslog monitoring and usage. Adrian Grigorof (Jul 19)
- <Possible follow-ups>
- RE: Syslog monitoring and usage. Melson, Paul (Jul 15)
- RE: Syslog monitoring and usage. Wes Noonan (Jul 19)
- RE: Syslog monitoring and usage. Chad Thomsen (Jul 19)
- RE: Syslog monitoring and usage. Wes Noonan (Jul 19)
- Re: Syslog monitoring and usage. Roger Marquis (Jul 19)
(Thread continues...)