Date: Fri, 11 Feb 2005 09:23:57 -0600
From: "Todd Towles" <toddtowles@...okshires.com>
To: "jkowall" <jkowall@...cking.net>,
	"Carey Heck" <carey.heck@...il.com>
Cc: <pen-test@...urityfocus.com>, <bugtraq@...urityfocus.com>
Subject: RE: Data Mining for PIX Firewall Logs


Php-Syslog-ng worked pretty well when I tested it. Think about using
Stunnel also for moving the logs across the network in a secure channel.
 

> -----Original Message-----
> From: jkowall [mailto:jkowall@...cking.net] 
> Sent: Wednesday, February 09, 2005 8:48 PM
> To: Carey Heck
> Cc: pen-test@...urityfocus.com; bugtraq@...urityfocus.com
> Subject: Re: Data Mining for PIX Firewall Logs
> 
> First you will have to log the data via syslog.  I recommend 
> kiwi syslog daemon for windows.  The pro version is cheap and 
> it can do compression, rotation, and filtering.  It can also 
> do email based alerting.  
> Syslog-ng for *NIX is by far the most extensible and advanced 
> daemon for *NIX.
> 
> Now that you have the files, I would recommend the following products:
> 
> http://www.sawmill.net/
> Sawmill not only processes PIX easily, but it can also 
> process anything from sendmail, to IIS logs.  It's a great 
> tool.  Well priced, and processes hundreds and hundreds of 
> different logfiles.
> 
> http://www.surfstats.com/sla_pro.asp
> Decent product, haven't used it much
> 
> http://www.softland.com.ar/info/eiqnetworks/firewallan/submain.htm
> Expensive last time I looked, never used it.
> 
> http://tud.at/programm/fwanalog/
> Free logfile processor, the reports are pretty basic.
> 
> http://perlmonks.thepen.com/123707.html
> Script to monitor a log and page/email.
> 
> http://www.itefix.no/phpws/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=21&MMN_position=21:21
> Never used this one.
> 
> There are a couple other ones too, but these are some of the 
> main ones.
> 
> good luck, email with any additional questions.
> 
> -jk
> 
> 
> Carey Heck wrote:
> 
> >Hi folks.  I love the ability in the Checkpoint firewall logging applet 
> >that allows me to load up any former saved log file, and filter 
> >according to any criteria I set.
> >
> >Let's use an example:
> >
> >I want to show an auditor what exactly went through my firewall, 
> >to/from a specific DMZ host, between the hours of 1 and 3pm GMT, on 
> >July 8th, 2003.
> >
> >In checkpoint, if I had correctly configured my ruleset, and archived 
> >my log files properly, I could provide this answer within 30 minutes.
> >
> >Fast forward to my current company, which went with a Cisco PIX 
> >solution based on the up front cost.  I can log all the connections to 
> >my heart's content, but boy mining the data to help show what happened in 
> >my above example has been tiresome at best.
> >
> >Can anyone here please suggest to me some type of logging and more 
> >relevantly, a data mining product that can help me achieve this end?
> >
> >Currently I am logging all my PIX traffic to a host running Kiwi syslog 
> >daemon, which archives each day's logs into a separate folder in the 
> >dated logs directory, creating a new directory named for each date in 
> >the year.
> >
> >I am looking for a less clunky solution.
> >
> >Any help is GREATLY appreciated.
> >
> >Thanks!
> >
> >  
> >
> 

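The audit query Carey describes above (every connection to or from one DMZ host within a two-hour window on a given day, pulled from a day's archived syslog file) as an added Python example; it is not part of this thread or of any of the products listed. It assumes the syslog daemon writes one line per message with a "YYYY-MM-DD HH:MM:SS" prefix, models the connection lines on the PIX %PIX-6-302013 "Built ... connection" message, and uses constructed sample lines and addresses throughout.

```python
import re
from datetime import datetime

# Constructed sample of one day's archived PIX syslog file. The "YYYY-MM-DD HH:MM:SS"
# prefix is an assumed syslog-daemon layout; the rest is modelled on the PIX
# %PIX-6-302013 "Built ... connection" message (interface:addr/port, then the
# NAT-mapped addr/port in parentheses). All addresses are constructed.
SAMPLE_LOG = """\
2003-07-08 12:58:01 %PIX-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.7/40112 (198.51.100.7/40112) to dmz:10.10.1.5/80 (203.0.113.5/80)
2003-07-08 13:05:12 %PIX-6-302013: Built inbound TCP connection 1002 for outside:198.51.100.9/51230 (198.51.100.9/51230) to dmz:10.10.1.5/443 (203.0.113.5/443)
2003-07-08 13:40:44 %PIX-6-302013: Built outbound TCP connection 1003 for dmz:10.10.1.5/3456 (203.0.113.5/3456) to outside:192.0.2.25/25 (192.0.2.25/25)
2003-07-08 14:10:03 %PIX-6-302013: Built inbound TCP connection 1004 for outside:198.51.100.9/51288 (198.51.100.9/51288) to dmz:10.10.1.6/80 (203.0.113.6/80)
2003-07-08 15:02:30 %PIX-6-302013: Built inbound TCP connection 1005 for outside:198.51.100.7/40200 (198.51.100.7/40200) to dmz:10.10.1.5/80 (203.0.113.5/80)
"""

# Captures both the interface-side and the mapped (parenthesised) addresses, so a
# NATed DMZ host is found under either of its addresses.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) %PIX-\d-(?P<msgid>\d{6}): "
    r"Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection (?P<conn>\d+) "
    r"for (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) \((?P<src_map>[\d.]+)/\d+\) "
    r"to (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) \((?P<dst_map>[\d.]+)/\d+\)"
)

def parse_ts(s):
    # Assumes the collector stamps in GMT. If the firewall and collector clocks
    # or zones disagree, the audit window is shifted and the answer is wrong.
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def parse_connections(text):
    """Yield parsed connection-built events; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = parse_ts(ev["ts"])
            yield ev

def audit_window(text, host, start, end):
    """Connections involving `host` (real or mapped address) with start <= ts < end."""
    lo, hi = parse_ts(start), parse_ts(end)
    return [ev for ev in parse_connections(text)
            if host in (ev["src"], ev["dst"], ev["src_map"], ev["dst_map"])
            and lo <= ev["ts"] < hi]

if __name__ == "__main__":
    for ev in audit_window(SAMPLE_LOG, "10.10.1.5", "2003-07-08 13:00:00", "2003-07-08 15:00:00"):
        print(ev["ts"], ev["dir"], ev["proto"], ev["src"], "->", ev["dst"], ev["dport"])
```

Pointing the script at the per-day directory the syslog daemon already creates gives the "what went through the firewall, for this host, in this window" report directly from the archive.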
