Date: Wed, 09 Feb 2005 21:47:33 -0500
From: jkowall <jkowall@...cking.net>
To: Carey Heck <carey.heck@...il.com>
Cc: pen-test@...urityfocus.com, bugtraq@...urityfocus.com
Subject: Re: Data Mining for PIX Firewall Logs


First you will have to log the data via syslog.  I recommend Kiwi syslog 
daemon for Windows.  The pro version is cheap and it can do compression, 
rotation, and filtering.  It can also do email based alerting.  
Syslog-ng for *NIX is by far the most extensible and advanced daemon for 
*NIX.

Now that you have the files, I would recommend the following products:

http://www.sawmill.net/
Sawmill not only processes PIX easily, but it can also process anything 
from sendmail, to IIS logs.  It's a great tool.  Well priced, and 
processes hundreds and hundreds of different logfiles.

http://www.surfstats.com/sla_pro.asp
Decent product, haven't used it much.

http://www.softland.com.ar/info/eiqnetworks/firewallan/submain.htm
Expensive last time I looked, never used it.

http://tud.at/programm/fwanalog/
Free logfile processor, the reports are pretty basic.

http://perlmonks.thepen.com/123707.html
Script to monitor a log and page/email.

http://www.itefix.no/phpws/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=21&MMN_position=21:21
Never used this one.

There are a couple other ones too, but these are some of the main ones.

Good luck, email with any additional questions.

-jk


Carey Heck wrote:

>Hi folks.  I love the ability in the Checkpoint firewall logging
>applet that allows me to load up any former saved log file, and filter
>according to any criteria I set.
>
>Let's use an example:
>
>I want to show an auditor what exactly went through my firewall,
>to/from a specific DMZ host, between the hours of 1 and 3pm GMT, on
>July 8th, 2003.
>
>In Checkpoint, if I had correctly configured my ruleset, and archived
>my log files properly, I could provide this answer within 30 minutes.
>
>Fast forward to my current company, which went with a Cisco PIX
>solution based on the up front cost.  I can log all the connections to
>my heart's content, but boy, mining the data to help show what happened
>in my above example has been tiresome at best.
>
>Can anyone here please suggest to me some type of logging and more
>relevantly, a data mining product that can help me achieve this end?
>
>Currently I am logging all my PIX traffic to a host running Kiwi
>syslog daemon, which archives each day's logs into a separate folder in
>the dated logs directory, creating a new directory named for each date
>in the year.
>
>I am looking for a less clunky solution.
>
>Any help is GREATLY appreciated.
>
>Thanks!
>
>  
>
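An added example, not from either poster, of the query Carey describes: filter one day's PIX syslog file, as Kiwi writes it, for every connection built or torn down to or from a DMZ host inside a time window. The tab-separated Kiwi line layout, the sample log lines, the host and addresses, and the `query_host`/`query_file` names are all constructed assumptions; timestamps are read as the syslog host's clock, so that clock must be on GMT (or the window shifted) to answer the auditor's GMT question.

```python
import re
from datetime import datetime

# Constructed sample in the layout assumed for Kiwi's daily files:
# "date time<TAB>facility.severity<TAB>PIX address<TAB>PIX message".
# Message bodies follow the PIX 302013 (build) / 302014 (teardown) format.
SAMPLE_LOG = """\
2003-07-08 12:59:58\tLocal4.Info\t192.168.1.1\t%PIX-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.5/43211 (203.0.113.5/43211) to dmz:10.10.1.20/80 (10.10.1.20/80)
2003-07-08 13:02:11\tLocal4.Info\t192.168.1.1\t%PIX-6-302013: Built inbound TCP connection 1002 for outside:198.51.100.7/51000 (198.51.100.7/51000) to dmz:10.10.1.20/443 (10.10.1.20/443)
2003-07-08 13:05:40\tLocal4.Info\t192.168.1.1\t%PIX-6-302014: Teardown TCP connection 1002 for outside:198.51.100.7/51000 to dmz:10.10.1.20/443 duration 0:03:29 bytes 8192 TCP FINs
2003-07-08 14:30:00\tLocal4.Info\t192.168.1.1\t%PIX-6-302013: Built outbound TCP connection 1003 for dmz:10.10.1.20/40000 (10.10.1.20/40000) to outside:203.0.113.9/25 (203.0.113.9/25)
2003-07-08 14:45:00\tLocal4.Info\t192.168.1.1\t%PIX-6-302013: Built inbound TCP connection 1004 for outside:203.0.113.5/43300 (203.0.113.5/43300) to dmz:10.10.1.21/80 (10.10.1.21/80)
2003-07-08 15:00:01\tLocal4.Info\t192.168.1.1\t%PIX-6-302013: Built inbound TCP connection 1005 for outside:203.0.113.5/43400 (203.0.113.5/43400) to dmz:10.10.1.20/80 (10.10.1.20/80)
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\t[^\t]*\t[^\t]*"
                     r"\t%PIX-\d-(?P<id>\d{6}): (?P<msg>.*)$")
CONN_RE = re.compile(r"connection (?P<conn>\d+) for \w+:(?P<src>[\d.]+)/(?P<sport>\d+)"
                     r".* to \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)")

def parse_line(line):
    """Return a dict for a PIX connection build/teardown line, else None."""
    m = LINE_RE.match(line)
    c = CONN_RE.search(m.group("msg")) if m else None
    if not c:
        return None          # not syslog-formatted, or not a connection event
    return {"ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "msgid": m.group("id"), "conn": int(c.group("conn")),
            "src": c.group("src"), "sport": int(c.group("sport")),
            "dst": c.group("dst"), "dport": int(c.group("dport"))}

def query_host(lines, host, start, end):
    """Connection events where `host` is source or destination and
    start <= timestamp < end (both "YYYY-MM-DD HH:MM:SS" in the log's clock)."""
    lo = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
    hi = datetime.strptime(end, "%Y-%m-%d %H:%M:%S")
    return [ev for ev in map(parse_line, lines)
            if ev and lo <= ev["ts"] < hi and host in (ev["src"], ev["dst"])]

def query_file(path, host, start, end):
    """Same query over one of Kiwi's per-day files on disk (hypothetical path)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return query_host(fh, host, start, end)

if __name__ == "__main__":
    for ev in query_host(SAMPLE_LOG.splitlines(), "10.10.1.20",
                         "2003-07-08 13:00:00", "2003-07-08 15:00:00"):
        print(ev["ts"], ev["msgid"], ev["conn"],
              f'{ev["src"]}:{ev["sport"]} -> {ev["dst"]}:{ev["dport"]}')
```

Lines the PIX emits that are not connection builds or teardowns (denies, ICMP, audit messages) are skipped here; a real report would add a pattern per message ID it needs to account for.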

