One example of firewall log analysis tools which has not been mentioned is "Reptor" by Alex Howansky, www.wankwood.com . This is specific for Symantec Enterprise Firewall, née Raptor, but is a superb example of how one can automate and extract very detailed and specific items of interest from a firewall log. See http://www.wankwood.com/reptor/samples.html for samples.

Perhaps others can use this as an example of how some clever Perl scripting and a flexible config file can do wonders for letting you know what went in and out of your network.

Watching this thread and seeing the comments about rule documentation in FW-1, as well as Tina's original question "but i figured i should ask -- has anyone found a more elegant way of dealing with this problem?", prompts me to offer Alex's work as an example.

Regards,
Bruce
This archive was generated by hypermail 2b30 : Thu Oct 23 2003 - 10:21:41 PDT