Probably want to be carefull with our termnology ... Chris has called our attention to the fact that most pages browsed at the user level (e.g., click a link) consist of many individual URL GET requests. Typical for sites today such as CNN is ~100 objects retrieved for one page. There is no way for a firewall to indentify those URLs with certainty as being associated with a single page request and from a security management perspective I wouldn't want them to be.
I think Eric's observation is that each of those ~URL GETs expands into 10-50 log events ... but this is just a guess ... hence using precise termnology would help focus the question. On Sun, 15 Oct 2006, Chris Green wrote: > Why would you not want every single GET to be logged? That's the entire > point of logging HTTP traffic. > > Eric Appelboom wrote: > > This is "almost" as bad as not being able to disable (collate) the > > logging and event for every single HTTP GET. > > One user browsing one url results in 10-50 log events. > > > > Regards > > Eric > > > > -----Original Message----- > > From: Roger Cornelius [mailto:[EMAIL PROTECTED] > > Sent: 13 October 2006 08:40 PM > > To: [email protected] > > Cc: Roger Cornelius > > Subject: [gb-users] Excessive GB-Ware logging > > > > We're using GB-Ware 4.0.2 with remote logging turned on. Each time the > > firewall emails an alarm, it generates three syslog messages to report > > the status: > > > > Oct 13 14:14:13 gbox id=firewall time="2006-10-13 18:14:13" > > fw="12100192" pri=6 msg="alarm: Connecting to email server" > > dst=192.168.1.1 dstport=25 > > > > Oct 13 14:14:13 gbox id=firewall time="2006-10-13 18:14:13" > > fw="12100192" pri=5 msg="alarm: Connected to email server successfully" > > src=192.168.1.100 srcport=1170 dst=192.168.1.1 dstport=25 > > > > Oct 13 14:14:34 gbox id=firewall time="2006-10-13 18:14:34" > > fw="12100192" pri=5 msg="alarm: Email alarms successfully sent" > > dst=192.168.1.1 dstport=25 > > > > Is there a way to turn these messages off? > > -- > > Roger Cornelius [EMAIL PROTECTED] > > > > ------------------------------------------------------ > > To unsubscribe: [EMAIL PROTECTED] > > For additional commands: [EMAIL PROTECTED] > > Archive: http://archives.gnatbox.com/gb-users/ > > > > ------------------------------------------------------ > > To unsubscribe: [EMAIL PROTECTED] > > For additional commands: [EMAIL PROTECTED] > > Archive: http://archives.gnatbox.com/gb-users/ > > ------------------------------------------------------ > To unsubscribe: [EMAIL PROTECTED] > For additional commands: [EMAIL PROTECTED] > Archive: http://archives.gnatbox.com/gb-users/ ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://archives.gnatbox.com/gb-users/
