Re: Logging outgoing/incoming addresses
From: winged (winged_at_nofollow.com)
Date: 03/03/05
- Next message: winged: "Re: Is this site be blocked from users?"
- Previous message: David H. Lipman: "TrendMicro Vulnerability in VSAPI ARJ parsing could allow Remote Code execution"
- In reply to: Michael J. Pelletier: "Re: Logging outgoing/incomming address'"
Date: 03 Mar 2005 00:09:17 EST
To: "Michael J. Pelletier" <mjpelletier@mjpelletier.com>
Michael J. Pelletier wrote:
> george wrote:
>
>
>>Hi all,
>>How or what program can I use to log all outgoing and incoming
>>addresses similar to the one that was on Atguard firewall. The
>>firewall no longer logs using XP.
>>
>>Thanks for any suggestions,
>>George
The Symantec Firewall logs all completed and blocked connections,
inbound or outbound, identifies blocked content, intrusion detection
triggers, blocked and allowed privacy information (type of release and
to whom), IP logs including all local dynamic and static IPs that have
been used when, logs all firewall configuration and status changes,
historical web history, and user and system defined alerts and which
rule triggered the alert. These are separate logs and log max size is
user defined. Logs roll over once max size is reached (problematic for
archiving as duplicate data is assured when logs are backed up). While
this deficiency is not unique, I am not sure I need to duplicate the data
on my incremental |:-P
You can also enable the XP ICF to log.
To enable the XP firewall logging:
- Start - Control Panel - Network Connections
- Right click on your current active network or dial-up connection and
choose properties
- Click on the Advanced Tab and check the box under Internet Connection
Firewall
- At the bottom of the same page click on the Settings button
- Under Security Logging check both boxes
- Under Log File Options leave the default path alone
- Under size you can change the max size of the file if so desired.
There are a number of free log review and analysis utilities on the net
that make the log review less painful. The XP ICF uses the extended
log file format established by the W3C. Any viewer that is capable of
reviewing this format may be used.
If you choose this route, learn to use the manual methods (using msi,
policy or script) to control the XP ICF configuration. The standard MS
simplified interface lacks the finite control one needs to properly
manage connections; however, the firewall and logging are capable.
Application access may also be accessed from outside the MS interface
and rules established for more finite port control.
Winged
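Added example, not part of the original post: a small reader for the W3C extended log file format mentioned above, which takes its column names from the #Fields directive and tallies remote addresses by direction and action. The sample log is constructed, and its header and field names are an assumption modeled on the usual ICF log layout; summarize() and the local address are hypothetical.

```python
from collections import Counter

# Constructed sample in W3C extended log file format. The header and field
# names are an assumption modeled on the usual ICF log layout.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-03-02 23:10:01 OPEN TCP 192.168.1.10 203.0.113.5 1045 80 - - - - - - - -
2005-03-02 23:10:07 DROP TCP 198.51.100.7 192.168.1.10 4312 445 48 S 1234567 0 16384 - - -
2005-03-02 23:10:09 DROP UDP 198.51.100.7 192.168.1.10 1026 137 78 - - - - - - -
2005-03-02 23:10:30 CLOSE TCP 192.168.1.10 203.0.113.5 1045 80 - - - - - - - -
2005-03-02 23:11:02 OPEN TCP 192.168.1.10 203.0.113.9 1046 443 - - - - - - - -
"""

def parse_extended_log(text):
    """Yield one dict per entry, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            name, _, value = line[1:].partition(":")
            if name.strip().lower() == "fields":
                fields = value.split()  # a later directive may redefine columns
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # skip truncated or malformed entries
        yield dict(zip(fields, values))

def summarize(text, local_ip):
    """Count remote addresses per (direction, action) for one local address."""
    counts = Counter()
    for entry in parse_extended_log(text):
        if entry.get("src-ip") == local_ip:
            counts[("outbound", entry["action"], entry["dst-ip"])] += 1
        elif entry.get("dst-ip") == local_ip:
            counts[("inbound", entry["action"], entry["src-ip"])] += 1
    return counts

if __name__ == "__main__":
    rows = sorted(summarize(SAMPLE_LOG, "192.168.1.10").items())
    for (direction, action, remote), n in rows:
        print(f"{direction:8} {action:5} {remote:15} {n}")
```

Because the columns come from the #Fields line rather than fixed positions, the same reader works if the firewall's log header lists the fields in a different order.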