Firewall Wizards mailing list archives
Logs (was Re: VPN endpoint)
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Wed, 1 Sep 2004 22:27:33 +0530
On 31/08/04 08:41 -0700, anyluser wrote:
> Let's also not forget that we have a window into our respective networks' past. Detailed logging isn't only there for tracking down a break-in and it's important
In which case I'll invite MJR to break in again and advertise the current thread on the loganalysis list about the results people want from it. Performance metrics, security analysis, trends, top n and bottom n talkers/listeners, ports used, scalability, fancy reports for management (those are important too), .....
> to emphasize that. Log analysis is a huge part of our jobs. WRT to known threats, it's not a stretch to project into the future based on events in the past. For the unknown threats I try to keep a watchful eye on the traffic patterns and weigh them against the "feel" of my territory.
How do you convey this "feel" to another admin/manager who isn't familiar with the territory yet? This gut feeling thing is not what is desired in most situations (though that is usually what we go with).
Devdas Bhagat