Re: [fw-wiz] traffic analysis
From: Bill Royds (Bill_at_royds.net)
Date: 05/29/03
- Previous message: Bruce Smith: "Re: [fw-wiz] help in firewall"
- In reply to: R. DuFresne: "Re: [fw-wiz] traffic analysis"
- Next in thread: Mikael Olsson: "Re: [fw-wiz] traffic analysis"
- Reply: Mikael Olsson: "Re: [fw-wiz] traffic analysis"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Loxat White" <loxatwhite@yahoo.com> Date: Wed, 28 May 2003 18:42:30 -0400
In the Windows world, Microsoft has made available a free utility call Log
Parser that can handle many of the Microsoft log file formats (web, ISA,
Event logs etc.) as well as plain text where you describe the format. It
uses SQL syntax on the fields of the logs to extract records of interest
and can can convert them to various other formats (SQL Server, Tabbed text,
CSV etc.) so they can then be analyzed with other tools.
http://www.microsoft.com/downloads/details.aspx?FamilyID=8cde4028-e247-45be-bab9-ac851fc166a4&DisplayLang=en
(unwrap if neccessary).
As well, the Cygwin port of the BASH shell and other Linunx/Unix utilities
gives all the Unix tools, including grep, perl, awk, etc. (see
http://sources.redhat.com )
You can then produce a report on which protocols are in use, analyze them as
Mikhail as indicated and be much more aware of what your network is doing
----- Original Message -----
From: "R. DuFresne" <dufresne@sysinfo.com>
To: "Loxat White" <loxatwhite@yahoo.com>
Cc: <firewall-wizards@honor.icsalabs.com>
Sent: Wednesday, May 28, 2003 4:37 PM
Subject: Re: [fw-wiz] traffic analysis
:
: In the unix world, sed/awk/grep are your friends, iin the windows world
: there are ports of those unix tools that can help in this area...of
: course, some are adverse to rolling their own and prefer preinvented
: wheels to work with. But, they sometimes tend to give up specifics of
: functionality that a handrolled method can proviide. It depends upon the
: time and resources one wishes to push that way, though this does not sound
: like too resource intensive of a task.
:
: Thanks,
:
: Ron DuFresne
:
: On Wed, 28 May 2003, Loxat White wrote:
:
: > Hi all,
: > i am looking for a log analysis tool, i need to
: > extarct the source and the destenation info. from log
: > file collected by syslog program from a firewall,
: > the analysis will help me in detecting what policies i
: > should keep put in the firewall.
: > thanks
: > Faisal
: >
: > __________________________________
: > Do you Yahoo!?
: > Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
: > http://calendar.yahoo.com
: > _______________________________________________
: > firewall-wizards mailing list
: > firewall-wizards@honor.icsalabs.com
: > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
: >
:
: --
: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: admin & senior security consultant: sysinfo.com
: http://sysinfo.com
:
: "Cutting the space budget really restores my faith in humanity. It
: eliminates dreams, goals, and ideals and lets us get straight to the
: business of hate, debauchery, and self-annihilation."
: -- Johnny Hart
:
: testing, only testing, and damn good at it too!
:
: _______________________________________________
: firewall-wizards mailing list
: firewall-wizards@honor.icsalabs.com
: http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Bruce Smith: "Re: [fw-wiz] help in firewall"
- In reply to: R. DuFresne: "Re: [fw-wiz] traffic analysis"
- Next in thread: Mikael Olsson: "Re: [fw-wiz] traffic analysis"
- Reply: Mikael Olsson: "Re: [fw-wiz] traffic analysis"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
