Re: [logs] SIM Analysis of Firewall Logs
Sep 27 2007 06:14PM
Daniel Cid (dcid ossec net)
I would add:
-Logins to the firewall (successful or not)
-Changes to the firewall rules, access lists, configurations, etc.
-Any error message (generally on PIX they are severity 1,2,3)
For the reports you mentioned, I think top 10 attacked ports or IPs are pretty
much useless. Looking a...
Copyright 2010, SecurityFocus