RE: [logs] firewall logging and rulesets

From: Bruce Platt (Bruce@private)
Date: Thu Oct 23 2003 - 05:13:45 PDT

    One example of firewall log analysis tools which has not been mentioned is
    "Reptor" by Alex Howansky.
    This is specific for Symantec Enterprise Firewall, née Raptor, but is a
    superb example of how one can automate and extract very detailed and
    specific items of interest from a firewall log.
    See  for samples.
    Perhaps others can use this as an example of how some clever Perl scripting
    and a flexible config file can do wonders for letting you know what went in
    and out of your network.  
    Watching this thread and seeing the comments about rule documentation in
    FW-1 as well as Tina's original question "but i figured i should
    ask -- has anyone found a more elegant way of dealing with this problem?",
    prompts me to offer Alex's work as an example.
    LogAnalysis mailing list
