Firewall Wizards mailing list archives
Re: Reading firewall logs
From: Bill_Royds () pch gc ca
Date: Fri, 28 Apr 2000 09:50:09 -0400
I use Perl scripts to summarize important events. For example, I have a script that looks at all rejected packets, ICMP redirects, etc. that the firewall sees and summarizes by source/srcport -> destin/dstport (ICMP type), so that I can quickly see if certain exploits are being attempted. We get about 500MB of firewall logs a day (including legitimate usage), so anomaly detection is impossible by eyeball. Perl is probably the most useful log tool, followed by Excel or some other spreadsheet to slice and dice results.
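An added example of the kind of summary the message describes (not the poster's own script): it counts rejected packets per source/srcport -> destination/dstport, or per ICMP type, and lists the most frequent first. The `key=value` log format, the `DENY`/`ACCEPT` keywords and the sample lines under `__DATA__` are constructed assumptions; adapt the field extraction to the firewall's real format.

```perl
use strict;
use warnings;

# Count rejected packets per "src/srcport -> dst/dstport" (or ICMP type).
# Assumed line format: "<timestamp> <host> DENY|ACCEPT key=value ...".
sub summarize {
    my ($fh) = @_;
    my %count;
    my $skipped = 0;
    while (my $line = <$fh>) {
        next unless $line =~ /\bDENY\b/;       # rejected packets only
        my %f = $line =~ /(\w+)=(\S+)/g;       # key=value pairs into a hash
        unless (defined $f{proto} && defined $f{src} && defined $f{dst}) {
            $skipped++;                        # truncated or malformed entry
            next;
        }
        my $key;
        if (lc($f{proto}) eq 'icmp') {
            my $type = defined $f{type} ? $f{type} : '?';
            $key = "$f{src} -> $f{dst} (ICMP type $type)";
        } else {
            my $sport = defined $f{sport} ? $f{sport} : '?';
            my $dport = defined $f{dport} ? $f{dport} : '?';
            $key = "$f{src}/$sport -> $f{dst}/$dport ($f{proto})";
        }
        $count{$key}++;
    }
    return (\%count, $skipped);
}

my $fh;
if (@ARGV) {
    open($fh, '<', $ARGV[0]) or die "cannot open $ARGV[0]: $!\n";
} else {
    $fh = \*DATA;                              # constructed sample below
}
my ($count, $skipped) = summarize($fh);
for my $key (sort { $count->{$b} <=> $count->{$a} || $a cmp $b } keys %$count) {
    printf "%6d  %s\n", $count->{$key}, $key;
}
warn "$skipped DENY line(s) skipped as unparseable\n" if $skipped;
__DATA__
Apr 28 09:41:02 fw1 DENY proto=tcp src=203.0.113.7 sport=4312 dst=192.0.2.10 dport=23
Apr 28 09:41:02 fw1 DENY proto=tcp src=203.0.113.7 sport=4312 dst=192.0.2.10 dport=23
Apr 28 09:41:05 fw1 ACCEPT proto=tcp src=198.51.100.4 sport=1027 dst=192.0.2.20 dport=80
Apr 28 09:42:11 fw1 DENY proto=icmp src=198.51.100.9 dst=192.0.2.1 type=5
Apr 28 09:43:30 fw1 DENY proto=udp src=203.0.113.7 sport=31337 dst=192.0.2.10 dport=137
Apr 28 09:44:00 fw1 DENY proto=tcp src=203.0.
```

Run without arguments it summarizes the embedded sample; given a file name it reads that log instead, and the count of skipped lines goes to stderr so truncated entries are not silently lost.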
