LogAnalysis
[logs] SIM Analysis of Firewall Logs Sep 27 2007 05:45PM
saudi sans (saudisans gmail com) (5 replies)
Hi

we have 6 firewalls - 2 of them facing Internet , 4 internal

We are analysing their log using a leading SIM solution

Looking for help in identifying meaningful/actionable reports that we
can get from Firewall log analysis

-- From DENY traffic

-- Currently we take daily reports on - Top 10 attacked ports,Top 10
attacked IPs etc. I am not sure if these Top 10 are meaningful or any
action can be taken using this

-- From ACCEPT/PERMIT traffic
-- I really have no clue on what we can report on this.Top 10 traffic
generators or something

-- Firewall configuration changes

--Currently we are generating daily reports on Changes to rulebase,
changes to firewall objects etc
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]
Re: [logs] SIM Analysis of Firewall Logs Sep 28 2007 06:22AM
Ajay Kumar (ajaykumar adventnet com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 07:04PM
Adrian Grigorof (adi grigorof com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 06:45PM
Ron Gula (rgula tenablesecurity com) (1 replies)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 07:53PM
Michael Kinsley (michael kinsley sensage com) (1 replies)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 08:44PM
Michael Kinsley (michael kinsley sensage com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 06:25PM
Anton Chuvakin (anton chuvakin org) (1 replies)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 08:41PM
David Corlette (dcorlette novell com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 06:14PM
Daniel Cid (dcid ossec net)


 

Privacy Statement
Copyright 2010, SecurityFocus