LogAnalysis
[logs] SIM Analysis of Firewall Logs Sep 27 2007 05:45PM
saudi sans (saudisans gmail com) (5 replies)
Re: [logs] SIM Analysis of Firewall Logs Sep 28 2007 06:22AM
Ajay Kumar (ajaykumar adventnet com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 07:04PM
Adrian Grigorof (adi grigorof com)
Actually we went through this before. Here is a list that I compiled
based on that discussion:

http://www.eventid.net/firewalls/MostPopularReports.asp

Regards,

Adrian Grigorof
Altair Technologies Ltd.
www.altairtech.ca
www.eventid.net

saudi sans wrote:
> Hi
>
> we have 6 firewalls - 2 of them facing the Internet, 4 internal
>
> We are analysing their logs using a leading SIM solution
>
> Looking for help in identifying meaningful/actionable reports that we
> can get from firewall log analysis
>
>
> -- From DENY traffic
>
> -- Currently we take daily reports on - Top 10 attacked ports, Top 10
> attacked IPs etc. I am not sure if these Top 10 are meaningful or whether any
> action can be taken using this
>
>
> -- From ACCEPT/PERMIT traffic
> -- I really have no clue on what we can report on this. Top 10 traffic
> generators or something
>
>
> -- Firewall configuration changes
>
> -- Currently we are generating daily reports on changes to rulebase,
> changes to firewall objects etc
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
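As an added illustration of the three report families the question lists (it is not code from the thread or from any SIM product), the script below runs over constructed firewall log lines in an assumed generic key=value syslog format: it produces the Top-N denied ports and sources, separates out the actionable subset (a denied source that touched many distinct ports), sums ACCEPT bytes per top talker, and lists rulebase/object changes. The field names, firewall names and sample values are all assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample records in an assumed key=value syslog style; one per line.
SAMPLE_LOGS = """\
fw1 action=DENY src=203.0.113.10 dst=198.51.100.5 dport=22 bytes=0
fw1 action=DENY src=203.0.113.10 dst=198.51.100.5 dport=23 bytes=0
fw1 action=DENY src=203.0.113.10 dst=198.51.100.5 dport=445 bytes=0
fw1 action=DENY src=203.0.113.10 dst=198.51.100.5 dport=3389 bytes=0
fw1 action=DENY src=203.0.113.77 dst=198.51.100.5 dport=445 bytes=0
fw1 action=ACCEPT src=192.0.2.20 dst=198.51.100.80 dport=443 bytes=5200000
fw1 action=ACCEPT src=192.0.2.21 dst=198.51.100.80 dport=443 bytes=120000
fw3 action=ACCEPT src=192.0.2.20 dst=198.51.100.25 dport=25 bytes=800000
fw1 action=CONFIG user=admin change="rule 14 modified: allow any->dmz 3389"
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse(text):
    records = []
    for line in text.splitlines():
        fw, _, rest = line.partition(" ")  # leading token is the reporting firewall
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
        fields["fw"] = fw
        records.append(fields)
    return records

def deny_report(records, n=10, min_ports=3):
    denies = [r for r in records if r["action"] == "DENY"]
    ports_per_src = defaultdict(set)
    for r in denies:
        ports_per_src[r["src"]].add(r["dport"])
    return {
        "top_ports": Counter(r["dport"] for r in denies).most_common(n),
        "top_sources": Counter(r["src"] for r in denies).most_common(n),
        # The actionable part of the DENY data: one source hitting many different ports
        "scan_like_sources": sorted(s for s, p in ports_per_src.items()
                                    if len(p) >= min_ports),
    }

def accept_report(records, n=10):
    by_src = Counter()  # bytes per source across all permitted flows (top talkers)
    for r in records:
        if r["action"] == "ACCEPT":
            by_src[r["src"]] += int(r["bytes"])
    return by_src.most_common(n)

def config_report(records):
    # Every rulebase/object change, with the firewall and the user who made it
    return [(r["fw"], r["user"], r["change"])
            for r in records if r["action"] == "CONFIG"]
```

Call `parse(SAMPLE_LOGS)` once and pass the records to the three report functions; replacing `SAMPLE_LOGS` with an exported day of logs in the same format yields the daily reports described in the question.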
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 06:45PM
Ron Gula (rgula tenablesecurity com) (1 replies)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 07:53PM
Michael Kinsley (michael kinsley sensage com) (1 replies)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 08:44PM
Michael Kinsley (michael kinsley sensage com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 06:25PM
Anton Chuvakin (anton chuvakin org) (1 replies)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 08:41PM
David Corlette (dcorlette novell com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 06:14PM
Daniel Cid (dcid ossec net)
Copyright 2010, SecurityFocus