What is the most common method used by "standalone" firewalls to generate
log files? (By "standalone" I mean firewalls which have no local
secondary storage, e.g. a hard disk.)

I think that Cisco's PIX uses syslog, but what do others use? Proprietary
protocols? SNMP? Is a separate network interface used for the traffic or
is it sent on the internal network or the DMZ?

What is normally logged by a firewall? Say, if a TCP connection is denied,
is the packet containing the SYN segment logged together with the MAC
addresses and all, or are only the IP addresses and an event logged? Do most
people use minimal logging under normal circumstances and then increase
the logging when "under attack", for example?

--
Henrik Bergstrom Email: [EMAIL PROTECTED]
Software Engineer Voice: +46-8-628 28 28
Intertex Data AB Fax: +46-8-628 64 14