Re: Firewall Log Analysis

From: Saravana Ram (Ramat_private)
Date: Fri Jan 14 2000 - 04:54:19 PST

Next message: Tina Bird: "Re: ICSA's IPSEC lab notes..."

Previous message: O'Shea, Dave: "RE: Linux firewall options"
Maybe in reply to: VN_Sabarinath@satyam-infoway.com: "Firewall Log Analysis"
Next in thread: R. DuFresne: "Re: Firewall Log Analysis"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> To get the log files, I propose to regularly FTP the files (in zipped
version,
> once a day, automatically)from the firewalls to a centralised machine.
This
> machine run a log anaysis software.  The report may be FTP'ed back or put
up on
> a website.

> 1) Are there any better approaches to do this?

Do make sure that the firewalls ftp OUT the log files to your central
machine. Don't run ftpd (or any) services on your firewalls. FTP itself is
insecure, try to use ssh's file transfer mechanism instead, or any other
means of secure file transfer.

Next message: Tina Bird: "Re: ICSA's IPSEC lab notes..."
Previous message: O'Shea, Dave: "RE: Linux firewall options"
Maybe in reply to: VN_Sabarinath@satyam-infoway.com: "Firewall Log Analysis"
Next in thread: R. DuFresne: "Re: Firewall Log Analysis"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:57:38 PDT