Data Mining for PIX Firewall Logs
From: Carey Heck (carey.heck_at_gmail.com)
Date: 02/09/05
- Previous message: Jeff Gercken: "RE: Mapping Class A network ( any easy trick?)"
- Next in thread: jkowall: "Re: Data Mining for PIX Firewall Logs"
- Reply: jkowall: "Re: Data Mining for PIX Firewall Logs"
- Reply: Jerry Shenk: "RE: Data Mining for PIX Firewall Logs"
- Maybe reply: Cesar Diaz: "Re: Data Mining for PIX Firewall Logs"
- Maybe reply: mhuston_at_imagitekltd.com: "RE: Data Mining for PIX Firewall Logs"
- Reply: Carey Heck: "RE: Data Mining for PIX Firewall Logs"
- Maybe reply: dijit: "Re: Data Mining for PIX Firewall Logs"
- Reply: Michael J McCafferty: "Re: Data Mining for PIX Firewall Logs"
- Maybe reply: Todd Towles: "RE: Data Mining for PIX Firewall Logs"
- Maybe reply: Hill, Keith (Contractor): "RE: Data Mining for PIX Firewall Logs"
- Maybe reply: Michael J McCafferty: "Re: Data Mining for PIX Firewall Logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 9 Feb 2005 17:08:59 -0500 To: pen-test@securityfocus.com, bugtraq@securityfocus.com
Hi folks. I love the ability in the Checkpoint firewall logging
applet that allows me to load up any former saved log file, and filter
according to any criteria I set.
Lets use an example:
I want to show an auditor what exactly went through my firewall,
to/from a specific DMZ host, between the hours of 1 and 3pm GMT, on
July 8th, 2003.
In checkpoint, if I had correctly configured my ruleset, and archived
my log files properly, I could provide this answer within 30 minutes.
Fast forward to my current company, which went with a Cisco PIX
solution based on the up front cost. I can log all the connections to
my heart content, but boy mining the data to help show what happened
in my above example has been tiresome at best.
Can anyone here please suggest to me some type of logging and more
relevantly, a data mining product that can help me achieve this end?
Currently I am logging all my PIX traffic to a host running Kiwi
syslog daemon, which archives each days logs into a separate folder in
the dated logs directory, creating a new directory named for each date
in the year.
I am looking for a less clunky solution.
Any help is GREATLY appreciated.
Thanks!
-- Carey
- Previous message: Jeff Gercken: "RE: Mapping Class A network ( any easy trick?)"
- Next in thread: jkowall: "Re: Data Mining for PIX Firewall Logs"
- Reply: jkowall: "Re: Data Mining for PIX Firewall Logs"
- Reply: Jerry Shenk: "RE: Data Mining for PIX Firewall Logs"
- Maybe reply: Cesar Diaz: "Re: Data Mining for PIX Firewall Logs"
- Maybe reply: mhuston_at_imagitekltd.com: "RE: Data Mining for PIX Firewall Logs"
- Reply: Carey Heck: "RE: Data Mining for PIX Firewall Logs"
- Maybe reply: dijit: "Re: Data Mining for PIX Firewall Logs"
- Reply: Michael J McCafferty: "Re: Data Mining for PIX Firewall Logs"
- Maybe reply: Todd Towles: "RE: Data Mining for PIX Firewall Logs"
- Maybe reply: Hill, Keith (Contractor): "RE: Data Mining for PIX Firewall Logs"
- Maybe reply: Michael J McCafferty: "Re: Data Mining for PIX Firewall Logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
