SecurityFocus

[logs] SIM solution - Objectives ? May 24 2007 05:52AM
saudi sans (saudisans gmail com) (3 replies)

Re: [logs] SIM solution - Objectives ? May 25 2007 08:12AM
Tom Le (dottom gmail com)

Re: [logs] SIM solution - Objectives ? May 24 2007 01:43PM
Paul Melson (pmelson gmail com)

Re: [logs] SIM solution - Objectives ? May 24 2007 12:58PM
Ron Gula (rgula tenablesecurity com) (1 replies)

Re: [logs] SIM solution - Objectives ? May 25 2007 01:29PM
saudi sans (saudisans gmail com) (3 replies)

Re: [logs] SIM solution - Objectives ? May 28 2007 02:33AM
Mordechai T. Abzug (morty frakir org)

RE: [logs] SIM solution - Objectives ? May 25 2007 06:47PM
Tina Bird (tbird precision-guesswork com) (1 replies)

RE: [logs] SIM solution - Objectives ? May 28 2007 01:00AM
Marcus J. Ranum (mjr ranum com) (1 replies)

RE: [logs] SIM solution - Objectives ? May 29 2007 08:02PM
Paul Melson (pmelson gmail com)

Re: [logs] SIM solution - Objectives ? May 25 2007 05:50PM
Paul Melson (pmelson gmail com) (1 replies)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 25 2007 06:35PM
Ron Gula (rgula tenablesecurity com) (2 replies)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 27 2007 03:23PM
Paul Melson (pmelson gmail com) (2 replies)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 29 2007 03:43PM
Dave Ellingsberg (Dave Ellingsberg csu mnscu edu) (1 replies)

RE: [logs] SIM solution - Objectives ? (Firewall logging) May 30 2007 01:31PM
Paul Melson (pmelson gmail com)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 27 2007 09:02PM
Marcus J. Ranum (mjr ranum com) (3 replies)

RE: [logs] SIM solution - Objectives ? (Firewall logging) May 29 2007 07:20PM
Eric Fitzgerald (Eric Fitzgerald microsoft com)

mjr wrote:
> As far back as I can remember (and that's a long way!) some of
> us have been saying that permit log entries are more important
> than deny.

Generalizing, I think that the same is true of almost ANY audit trail.

One minor behavioral difference you might notice is that failures/denies
in non-firewall logs tend to be caused more often by misconfiguration
than by malice, at least in my experience. YMMV.

Eric Fitzgerald
Microsoft Corporation

_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 29 2007 05:17PM
Chris Brenton (cbrenton chrisbrenton org) (1 replies)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 29 2007 08:53PM
Marcus J. Ranum (mjr ranum com)

[logs] SIM solution - Objectives ? (Firewall logging) May 28 2007 05:59PM
Fenwick, Wynn (wynn fenwick cgi com) (2 replies)

RE: [logs] SIM solution - Objectives ? (Firewall logging) May 29 2007 07:07PM
Paul Melson (pmelson gmail com) (1 replies)

RE: [logs] SIM solution - Objectives ? (Firewall logging) May 30 2007 03:40PM
Fenwick, Wynn (wynn fenwick cgi com) (1 replies)

RE: [logs] SIM solution - Objectives ? (Firewall logging) May 30 2007 09:25PM
Paul Melson (pmelson gmail com) (1 replies)

RE: [logs] SIM solution - Objectives ? (Firewall logging) May 31 2007 07:42PM
Fenwick, Wynn (wynn fenwick cgi com)

[logs] Log Analysis -- Best Practice May 29 2007 06:13AM
harshad mengle wipro com (1 replies)

Re: [logs] Log Analysis -- Best Practice May 30 2007 12:24AM
Ron Gula (rgula tenablesecurity com)

Re: [logs] SIM solution - Objectives ? (Firewall logging) May 25 2007 07:22PM
Jimmy Alderson (jimmy alderson gmail com)