Hello Carey,

Thursday, February 10, 2005, 11:08:28 AM, you wrote:

CH> I want to show an auditor what exactly went through my firewall,
CH> to/from a specific DMZ host, between the hours of 1 and 3pm GMT, on
CH> July 8th, 2003.
...
CH> Fast forward to my current company, which went with a Cisco PIX
CH> solution based on the up front cost. I can log all the connections to
CH> my heart's content, but boy mining the data to help show what happened
CH> in my above example has been tiresome at best.

The problem is your platform. Kiwi is a great tool, but it is not
really designed for analysis or auditing. Running Syslogd on a BSD
server, with a log rotation system, is a much better solution. Send
your syslog data to the server. If you have a request similar to the
one you described, grep/awk the file for the time period -- and you can
pull the information A LOT faster than you can with Checkpoint's
clunky interface.

allan

-- 
Allan Liska
allan@private
http://www.allan.org

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
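The grep/awk approach described in the reply above, as an added example that is not part of the original message: an awk filter that pulls every line naming one host inside a time window from a syslog file. The function names, the sample PIX lines and the addresses (documentation ranges) are constructed for illustration. It assumes the log server's clock runs in GMT and that the rotated file being searched covers the right year, because BSD syslog timestamps carry neither a year nor a time zone.

```shell
#!/bin/sh
# Constructed sample in BSD syslog format; 192.0.2.10 stands in for the DMZ host.
sample_log() {
cat <<'EOF'
Jul  8 12:59:58 pix1 %PIX-6-302013: Built inbound TCP connection 4101 for outside:198.51.100.7/40112 (198.51.100.7/40112) to dmz:192.0.2.10/80 (192.0.2.10/80)
Jul  8 13:00:04 pix1 %PIX-6-302013: Built inbound TCP connection 4102 for outside:198.51.100.9/51200 (198.51.100.9/51200) to dmz:192.0.2.10/443 (192.0.2.10/443)
Jul  8 13:41:17 pix1 %PIX-4-106023: Deny tcp src dmz:192.0.2.10/3311 dst inside:10.1.1.5/1433 by access-group "dmz_in"
Jul  8 14:02:30 pix1 %PIX-6-302013: Built inbound TCP connection 4170 for outside:198.51.100.7/40300 (198.51.100.7/40300) to dmz:192.0.2.100/80 (192.0.2.100/80)
Jul  8 14:59:59 pix1 %PIX-6-302014: Teardown TCP connection 4102 for outside:198.51.100.9/51200 to dmz:192.0.2.10/443 duration 1:59:55 bytes 88231 TCP FINs
Jul  8 15:00:01 pix1 %PIX-6-302013: Built outbound TCP connection 4188 for dmz:192.0.2.10/3400 (192.0.2.10/3400) to outside:203.0.113.5/25 (203.0.113.5/25)
Jul 18 13:10:00 pix1 %PIX-6-302013: Built inbound TCP connection 9001 for outside:198.51.100.7/40999 (198.51.100.7/40999) to dmz:192.0.2.10/80 (192.0.2.10/80)
EOF
}

# fw_window HOST MON DAY START END [FILE...]
# Times are HH:MM:SS; the window is [START, END). Reads stdin if no FILE is given.
fw_window() {
    host=$1 mon=$2 day=$3 start=$4 end=$5
    shift 5
    awk -v host="$host" -v mon="$mon" -v day="$day" -v start="$start" -v end="$end" '
        # Compare the day numerically so "Jul  8" and "Jul 08" both match,
        # and "Jul 18" does not.
        $1 != mon || $2 + 0 != day + 0 { next }
        {
            # Zero-padded HH:MM:SS sorts correctly as a string.
            t = $3 ""
            if (t < start "" || t >= end "") next
            # Match the address as a whole token so 192.0.2.10
            # does not also select 192.0.2.100.
            n = split($0, tok, /[^0-9.]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] == host) { print; break }
        }
    ' "$@"
}

# 1pm to 3pm on July 8th for the DMZ host, as in the question.
sample_log | fw_window 192.0.2.10 Jul 8 13:00:00 15:00:00
```

With daily rotation, point it at the file for the day in question instead of stdin, and keep the firewall and log server on the same time source so the window means the same thing on both.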
This archive was generated by hypermail 2.1.3 : Fri Feb 11 2005 - 20:54:19 PST