lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <420ACB45.9010000@shocking.net>
Date: Wed, 09 Feb 2005 21:47:33 -0500
From: jkowall <jkowall@...cking.net>
To: Carey Heck <carey.heck@...il.com>
Cc: pen-test@...urityfocus.com, bugtraq@...urityfocus.com
Subject: Re: Data Mining for PIX Firewall Logs


First you will have to log the data via syslog.  I reccomend kiwi syslog 
daemon for windows.  The pro version is cheap and it can do compression, 
rotation, and filtering.  It can also do email based alerting.  
Syslog-ng for*NIX is by far the most extensable and advanced daemon for 
*NIX.

Now that you have the files, I would reccomend the following products:

http://www.sawmill.net/
Sawmill not only processes PIX easily, but it can also process anything 
from sendmail, to IIS logs.  Its a great tool.  Well priced, and 
processes hundreds and hundreds of different logfiles.

http://www.surfstats.com/sla_pro.asp
Decent product, haven't used it much

http://www.softland.com.ar/info/eiqnetworks/firewallan/submain.htm
Expensive last time I looked, never used it.

http://tud.at/programm/fwanalog/
Free logfile processor, the reports are pretty basic.

http://perlmonks.thepen.com/123707.html
Script to monitor a log and page/email.

http://www.itefix.no/phpws/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=21&MMN_position=21:21
Never used this one/

There are a couple other ones too, but these are some of the main ones.

good luck, email with any additional questions.

-jk


Carey Heck wrote:

>Hi folks.  I love the ability in the Checkpoint firewall logging
>applet that allows me to load up any former saved log file, and filter
>according to any criteria I set.
>
>Lets use an example:
>
>I want to show an auditor what exactly went through my firewall,
>to/from a specific DMZ host, between the hours of 1 and 3pm GMT, on
>July 8th, 2003.
>
>In checkpoint, if I had correctly configured my ruleset, and archived
>my log files properly, I could provide this answer within 30 minutes.
>
>Fast forward to my current company, which went with a Cisco PIX
>solution based on the up front cost.  I can log all the connections to
>my heart content, but boy mining the data to help show what happened
>in my above example has been tiresome at best.
>
>Can anyone here please suggest to me some type of logging and more
>relevantly, a data mining product that can help me achieve this end?
>
>Currently I am logging all my PIX traffic to a host running Kiwi
>syslog daemon, which archives each days logs into a separate folder in
>the dated logs directory, creating a new directory named for each date
>in the year.
>
>I am looking for a less clunky solution.
>
>Any help is GREATLY appreciated.
>
>Thanks!
>
>  
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ