On 10/23/05, jonathan gonzalez <[EMAIL PROTECTED]> wrote:
> Hi,
>
> this post is more likely to be a request than a support post.
>
> I think that the firewall logs should be complemented with nat logs and
> a very important column (on both logs) in order to review a lot of logs:
> rule number.
>
> I think this would be important in high production environments where
> an admin must review a lot of logs.
>
> Also an option to recover the whole list of lines in the whole logs
> should be important in order to do some 'forensic analysis'.

I'd recommend using pfflowd to log the passed traffic (you did say
forensic analysis) and syslog to send the logs to another machine. 
Right now our syslog only does UDP, but if someone was willing to
create a syslog-ng package and modify the system to make syslog
changing dynamic (we're not moving away from clog for the base system)
then you can syslog considerably more securely.

--Bill
