[logs] SIM solution - Objectives ?
Justin Mitchell
jmitchell at secureworks.com
Fri Jun 1 10:04:47 PDT 2007
From the CLI on Checkpoint, check out the fwaudit.log (fw log fwaudit.log),
for GUI see SmartView Tracker -> Audit. Data is also retrievable via OPSEC
(Audit Session).
On Friday 01 June 2007 08:55, Dave Ellingsberg wrote:
> - Changes to rulebase - However this seems impossible. People like
> Checkpoint only say a new policy has been installed - They do not make
> a log entry what change was made in the rulebase before the install.
>
> I am yet to see any rulebase change logs in Firewalls like Netscreen
> and CiscoPix which even captures that a rulebase has been installed or
> what has been changed in the rulebase.
>
>
>
> ***************
>
>
> 111008
>
> Error Message %PIX-5-111008: User user executed the command string
>
> Explanation This syslog message is for accounting purposes. The user
> entered a command that modified the configuration.
>
> Recommended Action None required.
>
> more on what you can and do not log at
> http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html
>
> bigfoot.
--
Justin Mitchell, GCIA
IT Security Analyst
(843) 903-4376 x2
SecureWorks -- The Information Security Experts
http://www.secureworks.com/company/about.html
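An added example, not part of the original thread: one way to turn the %PIX-5-111008 accounting messages quoted above into a per-user trail of rulebase changes. The sample log lines are constructed, and the syslog header layout and the set of commands counted as rulebase changes are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread). The message body follows the
# template quoted above; the "timestamp host" syslog header is an assumption.
SAMPLE_LOG = """\
Jun  1 08:12:03 pix01 %PIX-5-111008: User enable_15 executed the command access-list outside_in permit tcp any host 192.0.2.10 eq 443
Jun  1 08:12:09 pix01 %PIX-6-302013: Built outbound TCP connection 4411 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.0.0.5/1025 (192.0.2.5/1025)
Jun  1 08:13:40 pix01 %PIX-5-111008: User jdoe executed the command no access-list outside_in deny ip any any
Jun  1 08:14:02 pix01 %PIX-5-111008: User jdoe executed the command logging trap informational
Jun  1 08:15:27 pix01 %PIX-5-111008: User enable_15 executed the command static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255
"""

PIX_111008 = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s[\d:]{8})\s+(?P<host>\S+)\s+"
    r"%PIX-5-111008:\s+User\s+(?P<user>\S+)\s+"
    r"executed the command\s+(?P<command>\S.*?)\s*$"
)

# Assumption: PIX commands treated here as "rulebase" changes.
RULEBASE_COMMANDS = {"access-list", "access-group", "conduit", "outbound",
                     "apply", "static", "nat", "global"}

def parse_changes(log_text):
    """Return one record per 111008 message; every other line is skipped."""
    changes = []
    for line in log_text.splitlines():
        m = PIX_111008.match(line)
        if not m:
            continue
        rec = m.groupdict()
        words = rec["command"].split()
        # "no <command> ..." removes configuration; classify by the real verb.
        rec["negated"] = words[0] == "no" and len(words) > 1
        verb = words[1] if rec["negated"] else words[0]
        rec["rulebase"] = verb in RULEBASE_COMMANDS
        changes.append(rec)
    return changes

def rulebase_changes_by_user(changes):
    """Group rulebase-affecting commands per user, in log order."""
    trail = defaultdict(list)
    for rec in changes:
        if rec["rulebase"]:
            trail[rec["user"]].append((rec["ts"], rec["command"]))
    return dict(trail)

if __name__ == "__main__":
    for user, cmds in rulebase_changes_by_user(parse_changes(SAMPLE_LOG)).items():
        for ts, cmd in cmds:
            print(f"{ts} {user}: {cmd}")
```
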