Re: A Question about FireWall logging
- From: "Duane Arnold" <NotME@xxxxxxxxx>
- Date: Wed, 29 Mar 2006 08:39:57 GMT
<carkaci@xxxxxxxxx> wrote in message
news:1143620311.437436.165310@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> In our company, we enable only the ACCEPTED packet logging (Cisco
> firewall). I wonder about the advantage of denied or rejected packet
> logging also, i.e. full logging. Any idea? What type of analysis can be
> done at that time?
I would think the ability to get a total picture of all traffic hitting the
FW that's being rejected. I particularly like to keep track of, or keep an eye
on, remote IP(s), the same IP coming at the FW numerous times, and run analysis
reporting on how many times the same IP is coming at the FW by day, week and
month. I have not done it that often, maybe 3 or 4 times, that I have set a
rule on my Watchguard where I denied specific IP(s) that were coming just a
little too hard, even if the unsolicited traffic was being rejected by the
FW. It's just me, but I don't like flying half blind and want to see all
aspects of what's happening from time to time.
Duane :)
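
The per-source counting described in the reply above, as an added example that is not part of the original post. It assumes the Cisco PIX/ASA 106023 "Deny" syslog message, a relay that prefixes a year-less timestamp and hostname (so the year is passed in), and constructed sample lines; all function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Mar 27 23:58:10 fw %PIX-4-106023: Deny tcp src outside:203.0.113.7/4312 dst inside:192.0.2.10/135 by access-group "outside_in"
Mar 28 00:01:02 fw %PIX-4-106023: Deny tcp src outside:203.0.113.7/4313 dst inside:192.0.2.10/135 by access-group "outside_in"
Mar 28 00:01:05 fw %PIX-4-106023: Deny tcp src outside:203.0.113.7/4314 dst inside:192.0.2.10/445 by access-group "outside_in"
Mar 28 09:15:44 fw %PIX-4-106023: Deny udp src outside:198.51.100.23/1050 dst inside:192.0.2.11/1434 by access-group "outside_in"
Mar 28 09:16:00 fw %PIX-6-302013: Built inbound TCP connection 1234 for outside:198.51.100.50/3456 (198.51.100.50/3456) to inside:192.0.2.10/80 (192.0.2.10/80)
Mar 28 17:30:12 fw %PIX-4-106023: Deny tcp src outside:203.0.113.7/4400 dst inside:192.0.2.10/139 by access-group "outside_in"
Mar 29 03:12:09 fw %PIX-4-106023: Deny tcp src outside:203.0.113.7/4521 dst inside:192.0.2.10/135 by access-group "outside_in"
"""

# Only ACL denies are matched; accepted-connection messages (302013) are skipped.
DENY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ %(?:PIX|ASA)-\d-106023: "
    r"Deny \S+ src [^:\s]+:(?P<src>\d{1,3}(?:\.\d{1,3}){3})[/ ]"
)

def parse_denies(text, year):
    """Yield (datetime, source_ip) for every denied-packet line."""
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["src"]

def bucket(ts, period):
    """Map a timestamp to its day, ISO week or month label."""
    if period == "day":
        return ts.strftime("%Y-%m-%d")
    if period == "week":
        iso = ts.isocalendar()
        return f"{iso[0]}-W{iso[1]:02d}"
    return ts.strftime("%Y-%m")  # anything else is treated as "month"

def deny_counts(text, period="day", year=2006):
    """Count denied packets per (period bucket, source IP)."""
    counts = Counter()
    for ts, src in parse_denies(text, year):
        counts[(bucket(ts, period), src)] += 1
    return counts

def repeat_sources(text, period="day", threshold=3, year=2006):
    """Sources denied at least `threshold` times within one period bucket."""
    hits = deny_counts(text, period, year).items()
    return sorted((b, ip, n) for (b, ip), n in hits if n >= threshold)
```

With accepted-only logging none of these lines would exist, so the repeat source on 28 March would never show up in any report.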