RE: [fw-wiz] Netscreen email logging

From: Bruce Platt (Bruce@ei3.com)
Date: 09/28/02


From: Bruce Platt <Bruce@ei3.com>
To: "'Clark, Steve'" <Steve@clarksupport.com>, Bruce Platt <Bruce@ei3.com>, "'pjklist@ekahuna.com'" <pjklist@ekahuna.com>
Date: Sat Sep 28 19:12:18 2002

Steve,

Perhaps this works for you. Not for me. I do get very nice traffic logs
mailed to me though :-)

-----Original Message-----
From: Clark, Steve [mailto:Steve@clarksupport.com]
Sent: Saturday, September 28, 2002 4:08 PM
To: 'Bruce Platt'; 'pjklist@ekahuna.com'
Cc: firewall-wizards@honor.icsalabs.com
Subject: RE: [fw-wiz] Netscreen email logging

Make sure you have checked Log Packets to Self that are dropped. You will
start to see the alert email.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
          301-610-9584 voice
          240-465-0323 Efax

Your Referral Resource

The data furnished in connection with this document is deemed by Clark
Systems Support, LLC., to contain proprietary and privileged information and
shall not be disclosed or used for the benefit of others without the prior
written permission of Clark Systems Support, LLC.

-----Original Message-----
From: Bruce Platt [mailto:Bruce@ei3.com]
Sent: Saturday, September 28, 2002 8:25 AM
To: 'pjklist@ekahuna.com'
Cc: firewall-wizards@honor.icsalabs.com
Subject: RE: [fw-wiz] Netscreen email logging

Philip,

I can't find your original message, but I think you were after an answer as
to why you don't get alert messages, such as those in the event logs mailed
to you, while getting traffic logs mailed.

I don't either, though my NSs are configured for it, and I get lots of
traffic mail.

You might want to ask the folks at www.netscreenforum.com. It's a forum
rather than a mailing list and inhabited by some very knowledgable folks.

I have the same question on my list of things to figure out when I get time.
I was planning on posing the question there.

Regards

-----Original Message-----
From: Philip J. Koenig [mailto:pjklist@ekahuna.com]
Sent: Friday, September 27, 2002 2:37 PM
To: Juhani Lahti
Cc: firewall-wizards@honor.icsalabs.com
Subject: RE: [fw-wiz] Netscreen email logging

On 27 Sep 2002 at 15:43, Juhani Lahti boldly uttered:

> I have 5XP and get logs and alerts. In the begining(when you are just
> installed your NetScreen) NetScreen doesn't send any logs to you , I don't
> know why.
> I got my first logs about two days after installation.
>
> Remember enable logging, when you create security policies.

Yes logging is enabled - ie various policies have "permit log count"
or "deny log count" at the end. (I configure primarily via CLI)

In the case of the 5XP, it has been sitting there for months without
sending logs.

Thanks for your suggestions.

Phil

> > -----Original Message-----
> > From: Philip J. Koenig [SMTP:pjklist@ekahuna.com]
> > Sent: 27. syyskuuta 2002 06:07
> > To: firewall-wizards@nfr.com
> > Subject: [fw-wiz] Netscreen email logging
> >
> > I have tried to get email alerts and logs working with 2 different
> > Netscreen boxes (5XP Elite and 25) with no success. Everything else
> > pretty much works as expected except this. I have asked Netscreen
> > support about it more than once and get the equivalent of a shrug
> > from them.
> >
> > Is there some secret to this I'm missing? Here are the relevant
> > entries from the configuration file:
> >
> > set admin mail alert
> > set admin mail traffic-log
> > set admin mail server-name <hostname or IP>
> > set admin mail mail-addr1 <email address>
> >
> >
> > I've finally gotten used to their idiosyncracy of needing a manual
> > route entry for any network that receives or sends to the firewall
> > itself, so this isn't the problem.
> >
> > Ideas greatly appreciated!
> >
> > Phil
> >
> > --
> > Philip J. Koenig
> > pjklist@ekahuna.com
> > Electric Kahuna Systems -- Computers & Communications for the New
> > Millenium
> >
> >
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards@honor.icsalabs.com
> > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

--
Philip J. Koenig                                       pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New Millenium
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


Relevant Pages

  • RE: [fw-wiz] Netscreen email logging
    ... Steve's suggestion below ("set firewall log-self") may have been ... The Netscreen is now sending logs. ... alarm 2 minutes after the first, it will buffer that alarm and send ... "set admin mail alert" has not been set. ...
    (Firewall-Wizards)
  • Re: cracking local admin account
    ... Alert on every failed login attempt. ... You need to start with the same password on all workstations - can use ... network that don't allow domain admin to log on - they can be rogue systems. ... monitor security logs for admin login and account management events on ...
    (microsoft.public.security)
  • Re: Logon type 3 - ID 529
    ... nothing has been installed recently on these machines. ... I couldnt see anything in the logs too. ... the alert appeared. ... I've read logon type 3 can be caused due to access of shared ...
    (microsoft.public.windows.server.sbs)
  • RE: [fw-wiz] Netscreen email logging
    ... start to see the alert email. ... written permission of Clark Systems Support, ... while getting traffic logs mailed. ...
    (Firewall-Wizards)
  • RE: Getting 539 and 5634 alerts from my SBS 2003 box but not showing in event logs
    ... As I know, the error 5634 is a backup error, the detail message of this ... error will in backup logs. ... so please send the alert mail to me for further investigation. ... Exchange Server 2003 ...
    (microsoft.public.windows.server.sbs)