SecurityFocus

[logs] SIM solution - Objectives ? May 24 2007 05:52AM
saudi sans (saudisans gmail com) (3 replies)

Re: [logs] SIM solution - Objectives ? May 25 2007 08:12AM
Tom Le (dottom gmail com)

Re: [logs] SIM solution - Objectives ? May 24 2007 01:43PM
Paul Melson (pmelson gmail com)

Re: [logs] SIM solution - Objectives ? May 24 2007 12:58PM
Ron Gula (rgula tenablesecurity com) (1 replies)

Re: [logs] SIM solution - Objectives ? May 25 2007 01:29PM
saudi sans (saudisans gmail com) (3 replies)

Re: [logs] SIM solution - Objectives ? May 28 2007 02:33AM
Mordechai T. Abzug (morty frakir org)

RE: [logs] SIM solution - Objectives ? May 25 2007 06:47PM
Tina Bird (tbird precision-guesswork com) (1 replies)

RE: [logs] SIM solution - Objectives ? May 28 2007 01:00AM
Marcus J. Ranum (mjr ranum com) (1 replies)

RE: [logs] SIM solution - Objectives ? May 29 2007 08:02PM
Paul Melson (pmelson gmail com)

Re: [logs] SIM solution - Objectives ? May 25 2007 05:50PM
Paul Melson (pmelson gmail com) (1 replies)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 25 2007 06:35PM
Ron Gula (rgula tenablesecurity com) (2 replies)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 27 2007 03:23PM
Paul Melson (pmelson gmail com) (2 replies)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 29 2007 03:43PM
Dave Ellingsberg (Dave Ellingsberg csu mnscu edu) (1 replies)

RE: [logs] SIM solution - Objectives ? (Firewall logging) May 30 2007 01:31PM
Paul Melson (pmelson gmail com)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 27 2007 09:02PM
Marcus J. Ranum (mjr ranum com) (3 replies)

Paul Melson wrote:
>Logging 'deny' messages and not 'accept' messages from a firewall is,
>in my opinion, a very outdated way of looking at firewall log data.

Minor nit - I think you meant to write "stupid" not "outdated."
As far back as I can remember (and that's a long way!) some of
us have been saying that permit log entries are more important
than deny. In fact, the first codebase of my first firewall didn't even
bother logging denys because, at the time I felt that a deny log
message only meant "the firewall is working."

mjr.

_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]

RE: [logs] SIM solution - Objectives ? (Firewall logging) May 29 2007 07:20PM
Eric Fitzgerald (Eric Fitzgerald microsoft com)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 29 2007 05:17PM
Chris Brenton (cbrenton chrisbrenton org) (1 replies)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 29 2007 08:53PM
Marcus J. Ranum (mjr ranum com)

[logs] SIM solution - Objectives ? (Firewall logging) May 28 2007 05:59PM
Fenwick, Wynn (wynn fenwick cgi com) (2 replies)

RE: [logs] SIM solution - Objectives ? (Firewall logging) May 29 2007 07:07PM
Paul Melson (pmelson gmail com) (1 replies)

RE: [logs] SIM solution - Objectives ? (Firewall logging) May 30 2007 03:40PM
Fenwick, Wynn (wynn fenwick cgi com) (1 replies)

RE: [logs] SIM solution - Objectives ? (Firewall logging) May 30 2007 09:25PM
Paul Melson (pmelson gmail com) (1 replies)

RE: [logs] SIM solution - Objectives ? (Firewall logging) May 31 2007 07:42PM
Fenwick, Wynn (wynn fenwick cgi com)

[logs] Log Analysis -- Best Practice May 29 2007 06:13AM
harshad mengle wipro com (1 replies)

Re: [logs] Log Analysis -- Best Practice May 30 2007 12:24AM
Ron Gula (rgula tenablesecurity com)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 25 2007 07:22PM
Jimmy Alderson (jimmy alderson gmail com)