I don't know if it suits you, but at my company we use a
central syslog server and some free tools (some home made)
to process logs and generate summary reports and exception traps.

On Cisco, it's quite easy to forward all logs to a central syslog
server. For fw-1, we use "fw log -ft | logger daemon.info" and
it works great (well, on Solaris). I don't know about raptor,
but I figure there must be some way of doing it.

As for attack patterns... that's something I would like to work on...

Regards



[EMAIL PROTECTED] wrote:
> I'm currently training myself in the Firewalls-Topic, and was wondering how
> you keep track of all the different logfiles... every vendor seems to make
> up their own format. Does anybody know a tool that can read different
> logfiles (like Checkpoint / Raptor / Cisco etc. ) and do a bit of analyzing
> to show trends, peaks etc.? It would seem useful for me for example to show
> a statistic based on Ports or addresses, to look for attack patterns. Plus,
> it would give IT-Management some presentations to show at meetings to
> justify the need for firewalls :-) (I know this shouldn't be necessary in
> an ideal company, but who works in an ideal company where the beancounters
> don't rule)

-- 
Rui Pedro Bernardino / Av. Miguel Bombarda, 4, 8o / 1049-058 Lisboa /
Portugal 

Love your enemies: they'll go crazy trying to figure out what you're up
to.
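
An added example, not part of the original message and not the poster's own tooling: a small summary report and exception trap of the kind described above, run over lines collected on a central syslog server. The key=value message body, the host names and the `scan_threshold` parameter are assumptions made for illustration; real FW-1, Raptor or Cisco output would need its own parsing rule per vendor.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines as they might land on the central syslog server.
# The key=value message body is a made-up normalized format, not the real
# output of FW-1, Raptor or Cisco; each vendor needs its own parsing rule.
SAMPLE = """\
Mar  3 10:00:01 fw1 fwlog: action=drop src=203.0.113.7 dst=192.0.2.10 dport=23
Mar  3 10:00:02 fw1 fwlog: action=drop src=203.0.113.7 dst=192.0.2.10 dport=25
Mar  3 10:00:02 rtr1 acl: action=drop src=203.0.113.7 dst=192.0.2.11 dport=111
Mar  3 10:00:05 fw1 fwlog: action=accept src=198.51.100.4 dst=192.0.2.10 dport=80
Mar  3 10:00:09 rtr1 acl: action=drop src=198.51.100.9 dst=192.0.2.10 dport=23
Mar  3 10:00:11 fw1 fwlog: garbled line without fields
"""

SYSLOG = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^:]+):\s(.*)$")
FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return a dict of fields plus the reporting host, or None if unparseable."""
    m = SYSLOG.match(line)
    if not m:
        return None
    fields = dict(FIELD.findall(m.group(4)))
    if not {"action", "src", "dport"} <= fields.keys():
        return None
    fields["host"] = m.group(2)
    return fields

def summarize(text, scan_threshold=3):
    """Count dropped packets by port and source; trap sources probing many ports."""
    by_port, by_src, ports_seen, skipped = Counter(), Counter(), defaultdict(set), 0
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            skipped += 1  # keep a count so format drift is noticed, not hidden
            continue
        if rec["action"] != "drop":
            continue
        by_port[rec["dport"]] += 1
        by_src[rec["src"]] += 1
        ports_seen[rec["src"]].add(rec["dport"])
    traps = sorted(s for s, p in ports_seen.items() if len(p) >= scan_threshold)
    return {"by_port": by_port, "by_src": by_src, "traps": traps, "skipped": skipped}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print("ports:", report["by_port"].most_common(3), "sources:", report["by_src"].most_common(3))
    print("exception traps:", report["traps"], "unparsed:", report["skipped"])
```
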
