1) identify which messages you are interested in, there are several hundred so a script which granularly parses them all is a MAJOR undertaking.
2) Get real familiar with perl and regular expressions ;)

> Hi folks, I was directed here by a Mr. Tbird that maintains
> this list, below is a question I posed on another list.
>
> I love the ability in the Checkpoint firewall logging
> applet that allows me to load up any former saved log file, and filter
> according to any criteria I set.
>
> Let's use an example:
>
> I want to show an auditor what exactly went through my firewall,
> to/from a specific DMZ host, between the hours of 1 and 3pm GMT, on July
> 8th, 2003.
>
> In checkpoint, if I had correctly configured my ruleset, and archived my
> log files properly, I could provide this answer within 30 minutes.
>
> Fast forward to my current company, which went with a Cisco PIX
> solution based on the up-front cost. I can log all the connections to
> my heart's content, but boy mining the data to help show what happened in
> my above example has been tiresome at best.
>
> Can anyone here please suggest to me some type of logging and more
> relevantly, a granular log analyzer that can help me achieve this end?
>
> Currently I am logging all my PIX traffic to a host running Kiwi
> syslog daemon, which archives each day's logs into a separate folder in
> the dated logs directory, creating a new directory named for each date
> in the year.
>
> I am looking for a less clunky solution.
>
> Any help is GREATLY appreciated.
>
> Thanks!
>
> Carey Heck
> (o) 609.520.8522 x209
> (c) 732.768.7133
>
> www.strasz.com
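The reply above points at perl and regular expressions; as an added example (not from either poster), here is the same approach in Python for the auditor question in the quoted message: pull the PIX connection messages that touch one DMZ host inside a two-hour window out of a Kiwi-archived day file. The Kiwi line prefix, all addresses and connection ids, and the assumption that the syslog host keeps its clock in GMT are constructed for this example.

```python
import re
from datetime import datetime

# Constructed sample lines in the shape a Kiwi syslog daemon writes for PIX
# connection messages: timestamp, facility.severity, PIX address, message.
# Every timestamp, address and connection id here is made up for this example.
SAMPLE_LOG = """\
2003-07-08 12:58:31 Local4.Info 10.0.0.1 %PIX-6-302013: Built outbound TCP connection 70001 for outside:203.0.113.5/80 (203.0.113.5/80) to dmz:172.16.5.10/49152 (198.51.100.10/49152)
2003-07-08 13:02:44 Local4.Info 10.0.0.1 %PIX-6-302013: Built inbound TCP connection 70002 for outside:203.0.113.9/51000 (203.0.113.9/51000) to dmz:172.16.5.10/443 (198.51.100.10/443)
2003-07-08 13:15:09 Local4.Info 10.0.0.1 %PIX-6-302013: Built outbound TCP connection 70003 for inside:10.1.1.25/40000 (10.1.1.25/40000) to outside:203.0.113.77/25 (203.0.113.77/25)
2003-07-08 14:59:59 Local4.Info 10.0.0.1 %PIX-6-302014: Teardown TCP connection 70002 for outside:203.0.113.9/51000 to dmz:172.16.5.10/443 duration 1:57:15 bytes 88231 TCP FINs
2003-07-08 15:00:00 Local4.Info 10.0.0.1 %PIX-6-302013: Built inbound TCP connection 70004 for outside:203.0.113.9/51001 (203.0.113.9/51001) to dmz:172.16.5.10/443 (198.51.100.10/443)
"""

# Assumed Kiwi prefix followed by the PIX message id. The syslog host is
# assumed to log in GMT, so timestamps compare directly with the auditor's
# window; if it logs in local time, convert before filtering.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ \S+ "
    r"%PIX-\d-(?P<msgid>\d{6}): (?P<body>.*)$"
)
# Endpoints appear as interface:ip/port, e.g. dmz:172.16.5.10/443; the
# parenthesised translated addresses carry no interface and are skipped.
ENDPOINT_RE = re.compile(r"(\w+):(\d{1,3}(?:\.\d{1,3}){3})/(\d+)")
CONN_RE = re.compile(r"connection (\d+)")
TS_FMT = "%Y-%m-%d %H:%M:%S"

def parse_line(line):
    """Return a record for a connection build/teardown line, else None."""
    m = LINE_RE.match(line)
    if not m or m.group("msgid") not in ("302013", "302014"):
        return None
    body = m.group("body")
    conn = CONN_RE.search(body)
    return {
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "msgid": m.group("msgid"),
        "conn": conn.group(1) if conn else None,
        "endpoints": [(i, ip, int(p)) for i, ip, p in ENDPOINT_RE.findall(body)],
        "raw": line,
    }

def connections_for_host(log_text, host, start, end):
    """Connection messages touching `host` with start <= timestamp < end.
    `start` and `end` use the same 'YYYY-MM-DD HH:MM:SS' format as the log."""
    lo, hi = datetime.strptime(start, TS_FMT), datetime.strptime(end, TS_FMT)
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not (lo <= rec["ts"] < hi):
            continue
        if any(ip == host for _, ip, _ in rec["endpoints"]):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for rec in connections_for_host(SAMPLE_LOG, "172.16.5.10",
                                    "2003-07-08 13:00:00", "2003-07-08 15:00:00"):
        print(rec["ts"], rec["msgid"], rec["conn"], rec["endpoints"])
```

The 15:00:00 line is excluded by the half-open window, and the teardown record carries the byte count, which is usually what an auditor asks for next.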
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Fri Feb 11 2005 - 20:57:02 PST