Security Incidents: FW-1 log analysis tool

From: Chew Poh Chang <pcchew_at_CSAH.COM>
Date: Fri, 9 Jun 2000 09:27:30 +0800

Greetings,
        I am looking for a FW-1 log analysis tool.

In particular, I am looking for a tool which highlights the security
incidents from a firewall-1 log, I don't care about bandwidth utilisation,
web site hits, top X sources/destinations (except where this might indicate
a scan/hack attempt.)

I am specifically looking for something that lets me focus on the Security
incidents in the log (as (initially) shown by Scans). I have other logs
that show me attempts against Bind, Syslog, SMTP etc, but the tools for
Firewall-1 seem to be focussed towards Mgmt & accounting, not security.

I am hoping that someone has a perl script that they already use for this...

Please note: I am currently receiving over 1,500,000 lines of (already
abridged) logs each day, with an additional 5-10 million lines to come each
day as soon as I get the log filter working correctly. This number will
just grow over time, and I would not be surprised to be receiving 50-80
million lines per day within 12 months!

Regards,
Chew Poh Chang
Received on Jun 10 2000
