[logs] SIM solution - Objectives ?
Dave Ellingsberg
Dave.Ellingsberg at csu.mnscu.edu
Fri Jun 1 05:55:02 PDT 2007
- Changes to rulebase - However this seems impossible. People like
Checkpoint only say a new policy has been installed - They donot make
a log entry what change was made in the rulebase before ths install.
I am yet to see any rulebase change logs in Firewalls like Netscreen
and CiscoPix which even captures that a rulebase has been installed or
what has been changed in the rulebase.
***************
111008
Error Message %PIX-5-111008: User user executed the command string
Explanation This syslog message is for accounting purposes. The user entered a command that modified the configuration.
Recommended Action None required.
more on what you can and do not log at http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html
bigfoot.
More information about the LogAnalysis
mailing list