Bill,
your options are quite valid, but anyway, exporting to netflow, a rule
number in the log line will help so much.
Would it be possible to achieve this in a "low cost of time" fashion? Do the
developers find this interesting for 'your' product?
TIA,
jonathan
Bill Marquette wrote:
On 10/23/05, jonathan gonzalez <[EMAIL PROTECTED]> wrote:
Hi,
this post is more likely to be a request than a support post.
I think that the firewall logs should be complemented with nat logs and
a very important column (on both logs) in order to review a lot of logs:
rule number.
I think this would be important in high production environments where
an admin must review a lot of logs.
Also an option to recover the whole list of lines in the whole logs
should be important in order to do some 'forensic analysis'.
I'd recommend using pfflowd to log the passed traffic (you did say
forensic analysis) and syslog to send the logs to another machine.
Right now our syslog only does UDP, but if someone was willing to
create a syslog-ng package and modify the system to make syslog
changing dynamic (we're not moving away from clog for the base system)
then you can syslog considerably more securely.
--Bill
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
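As an added illustration of the point raised in this thread (a rule number on every log line makes reviewing a large log tractable, and lets an admin pull back every line a given rule produced), here is a small Python example that is not part of the list discussion or of pfSense itself. It assumes the tcpdump-style pflog line format ("rule N/0(match): action dir on if: src.port > dst.port: ...") and uses constructed sample lines.

```python
import re
from collections import Counter

# Constructed sample lines (not real traffic) in an assumed tcpdump-style
# pflog layout; the rule number is the field this thread asks to expose.
SAMPLE_LOG = """\
00:00:01.000000 rule 12/0(match): block in on em0: 203.0.113.7.51234 > 198.51.100.2.22: S ...
00:00:01.200000 rule 3/0(match): pass in on em0: 203.0.113.9.40001 > 198.51.100.2.80: S ...
00:00:02.000000 rule 12/0(match): block in on em0: 203.0.113.7.51235 > 198.51.100.2.23: S ...
00:00:02.500000 rule 7/0(match): pass out on em1: 198.51.100.2.33000 > 192.0.2.10.53: udp 40
00:00:03.000000 rule 12/0(match): block in on em0: 203.0.113.7.51236 > 198.51.100.2.3389: S ...
"""

# Assumed field layout: timestamp, "rule N/M(match):", action, direction,
# interface, then "src.sport > dst.dport:" for IPv4 addresses.
PFLOG_RE = re.compile(
    r"^(?P<ts>\S+) rule (?P<rule>\d+)/\d+\(match\): (?P<action>\w+) "
    r"(?P<dir>in|out) on (?P<ifc>\w+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)


def parse_pflog(text):
    """Parse pflog-style lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = PFLOG_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["rule"] = int(ev["rule"])
            ev["line"] = line  # keep the raw line for later recovery
            events.append(ev)
    return events


def summarize_by_rule(events):
    """Hit count per (rule number, action): the quick review an admin wants."""
    return Counter((ev["rule"], ev["action"]) for ev in events)


def lines_for_rule(events, rule):
    """Recover every raw log line produced by one rule (the forensic request)."""
    return [ev["line"] for ev in events if ev["rule"] == rule]


if __name__ == "__main__":
    evs = parse_pflog(SAMPLE_LOG)
    for (rule, action), n in sorted(summarize_by_rule(evs).items()):
        print(f"rule {rule:>3} {action:<5} {n} hit(s)")
```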