Re: IDS logs vs FW1 logsFrom: Chris Wilkes (email@example.com)
- Previous message: leon: "RE: IIS Header Info"
- In reply to: firstname.lastname@example.org: "IDS logs vs FW1 logs"
- Next in thread: Seham Mohamed: "RE: IDS logs vs FW1 logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Oct 2001 10:09:00 -0700 (PDT) From: Chris Wilkes <email@example.com> To: firstname.lastname@example.org Subject: Re: IDS logs vs FW1 logs Message-ID: <Pine.LNX.email@example.com>
On Mon, 15 Oct 2001 firstname.lastname@example.org wrote:
> In regards to external connections and access log montitoring, what/would
> there be a reason to monitor your FW logs if you already have an IDS and
> logging in place on that system??
Just a quick off the cuff answer: to make sure both of them are working as
advertised. Also for your own sanity and knowledge about the system. See
how both the programs work and make sure that they are reporting the same
It does initially seem that you're doubling your work but after becoming
familiar with both reporting you'll gain more of a knowledge of what's
What if one of the reporting tools was compromised? You'll be able to see
that with one of the products reporting a breakin while the other is
What if there is a new hack out? Your firewall might miss it but the IDS
doesn't, or vice versa.
In short: having multiple logs of nearly the same thing is a good thing,
you'll be able to spot irregular events more easily.