Re: [fw-wiz] Syslog set up
From: David Thiel (lx_at_redundancy.redundancy.org)
Date: 07/24/03
- Previous message: Paul Robertson: "Re: [fw-wiz] ip track through natting"
- In reply to: Melson, Paul: "RE: [fw-wiz] Syslog set up"
- Next in thread: Mark Tinberg: "RE: [fw-wiz] Syslog set up"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com
Date: Thu, 24 Jul 2003 09:51:30 -0700
On Thu, Jul 24, 2003 at 08:44:38AM -0400, Melson, Paul wrote:
> I think a gung-ho approach is best in this situation; "Log 'em
> all, let the analyzer sort 'em out." :-)
I'm required to log everything, and I find a useful tool to deal with
this is socklog.
For example:
s1000000 -* +*pix.ip.ad.dr:* ./main/pix \
s1000000 -* +*%PIX*Built* +*%PIX*Teardown* ./main/pix-accept \
s1000000 -* +*%PIX*Deny* ./main/pix-deny
This will put log messages with the specified characteristics into their
own log directory. It's easy to do the same thing to sort out protocol,
port, etc. Not a full log analysis solution, but a good way to start
with bite-sized pieces when looking for specific info.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
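The sorting the post describes, as an added example that is not part of the original message or of socklog/multilog: a Python re-implementation of multilog's `+pattern` / `-pattern` / `./dir` action semantics (the argument syntax the post's snippet uses), run over a few constructed PIX syslog lines in socklog's `host: facility.priority: message` line format. The PIX address 192.0.2.1, the connection details and the sshd line are all made up, and the post's `pix.ip.ad.dr` placeholder is replaced by that constructed address. It also reproduces multilog's matching rule, which is not glob matching: a `*` skips forward to the first occurrence of the next pattern character and never backtracks.

```python
"""Route multilog/socklog-style selected lines into per-directory buckets.

Added example (not code from the original post or from socklog/multilog):
re-implements the +pattern/-pattern/./dir selection logic multilog applies,
then runs the action list from the post over constructed PIX syslog lines.
"""
from collections import defaultdict


def multilog_match(pattern: str, line: str) -> bool:
    """multilog's matcher: '*' skips to the first occurrence of the next
    pattern character and does not backtrack; every other character is
    literal; the whole line must be consumed for a match."""
    p = b = 0
    while True:
        if p == len(pattern):
            return b == len(line)
        c = pattern[p]
        p += 1
        if c == "*":
            if p == len(pattern):
                return True              # trailing '*' swallows the rest of the line
            nxt = pattern[p]
            while b < len(line) and line[b] != nxt:
                b += 1                   # skip to the FIRST occurrence of nxt only
            if b == len(line):
                return False
            continue                     # nxt itself is compared literally next pass
        if b == len(line) or line[b] != c:
            return False
        b += 1


def route(actions, lines):
    """Apply a multilog action list to lines and return {directory: [lines]}.

    Every line starts selected; '-pat' deselects matching lines, '+pat'
    selects them, and './dir' (or '/dir') records the line if it is selected
    at that point.  Options such as s1000000 (file size), n20 (file count)
    and t (timestamp) do not affect selection and are ignored here.
    """
    routed = defaultdict(list)
    for line in lines:
        selected = True
        for act in actions:
            if act.startswith("+"):
                if multilog_match(act[1:], line):
                    selected = True
            elif act.startswith("-"):
                if multilog_match(act[1:], line):
                    selected = False
            elif act.startswith(("./", "/")):
                if selected:
                    routed[act].append(line)
    return dict(routed)


# The post's action list, split into multilog arguments; 192.0.2.1 stands in
# for the post's pix.ip.ad.dr placeholder (constructed value).
POST_ACTIONS = [
    "s1000000", "-*", "+*192.0.2.1:*", "./main/pix",
    "s1000000", "-*", "+*%PIX*Built*", "+*%PIX*Teardown*", "./main/pix-accept",
    "s1000000", "-*", "+*%PIX*Deny*", "./main/pix-deny",
]

# Constructed sample lines in socklog's "host: facility.priority: message" format.
SAMPLE_LINES = [
    "192.0.2.1: local4.info: %PIX-6-302013: Built outbound TCP connection 4711 "
    "for outside:198.51.100.7/80 to inside:10.0.0.5/51000",
    "192.0.2.1: local4.info: %PIX-6-302014: Teardown TCP connection 4711 "
    "for outside:198.51.100.7/80 to inside:10.0.0.5/51000 duration 0:00:01 bytes 2048 TCP FINs",
    "192.0.2.1: local4.warning: %PIX-4-106023: Deny tcp src outside:203.0.113.9/4444 "
    "dst inside:10.0.0.5/23 by access-group \"outside_in\"",
    "10.0.0.2: auth.info: sshd[1234]: Accepted publickey for admin from 10.0.0.10 port 50022 ssh2",
]


if __name__ == "__main__":
    for directory, lines in sorted(route(POST_ACTIONS, SAMPLE_LINES).items()):
        print(f"{directory}: {len(lines)} line(s)")
        for line in lines:
            print("   ", line[:70])
```

With exactly the post's action list, a line that no `+pattern` selects (the sshd line above) is written nowhere; because every line starts selected, adding `./main/all` before the first `-*` keeps an unfiltered copy alongside the sorted directories. The non-backtracking match is also worth knowing when writing patterns: `*%PIX*Teardown*` fails on the "Built outbound TCP" line only because the first capital T after `%PIX` is in "Teardown" on one line and "TCP" on the other, so a pattern like `*Deny*` will not match a line whose first `D` begins a different word.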