[logs] SIM solution - Objectives ?

saudi sans saudisans at gmail.com
Sat Jun 2 07:00:52 PDT 2007


Hi Dave

That is a very useful link.

Does anyone know a similar resource for other firewalls like
Checkpoint and Stonegate which has the details of their audit logs?
This is basically for writing rules in my SIM software for
filtering events-of-interest.

On 6/1/07, Dave Ellingsberg <Dave.Ellingsberg at csu.mnscu.edu> wrote:
>
>
>
> - Changes to rulebase - However this seems impossible. People like
> Checkpoint only say a new policy has been installed - They do not make
> a log entry of what change was made in the rulebase before this install.
>
> I am yet to see any rulebase change logs in firewalls like Netscreen
> and Cisco PIX which even capture that a rulebase has been installed or
> what has been changed in the rulebase.
>
>
>
> ***************
>
>
> 111008
>
> Error Message    %PIX-5-111008: User user executed the command string
>
> Explanation    This syslog message is for accounting purposes. The user entered a command that modified the configuration.
>
> Recommended Action    None required.
>
> more on what you can and do not log at http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html
>
> bigfoot.
>
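
A SIM-style filter for the 111008 message quoted above, as an added example that is not part of the original thread: it extracts the user and command and flags commands that touch the rulebase. The watch-list of commands, the function names and the sample syslog lines are assumptions constructed for illustration; the body layout follows the "User user executed the command string" format quoted in the reply.

```python
import re

# %PIX-<severity>-<message id>: <body>, anywhere in the syslog line.
TAG = re.compile(r"%PIX-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$")
# Body layout of 111008 as quoted in the reply above.
CMD_111008 = re.compile(r"^User (?P<user>\S+) executed the command (?P<cmd>.+)$")

# Assumed watch-list: PIX commands that alter filtering or translation rules.
RULEBASE_COMMANDS = {"access-list", "access-group", "conduit", "static", "nat", "global"}


def parse_config_change(line):
    """Return a dict for a 111008 line, or None for any other message."""
    tag = TAG.search(line)
    if not tag or tag.group("msgid") != "111008":
        return None
    body = tag.group("body").strip()
    m = CMD_111008.match(body)
    if not m:
        # Right message ID, unexpected body: surface it instead of dropping it.
        return {"user": None, "command": body, "rulebase": False, "parsed": False}
    cmd = m.group("cmd").strip()
    # "no access-list ..." removes a rule, so skip the negation before matching.
    verb = cmd[3:] if cmd.startswith("no ") else cmd
    return {"user": m.group("user"), "command": cmd,
            "rulebase": verb.split()[0] in RULEBASE_COMMANDS, "parsed": True}


def events_of_interest(lines):
    """Keep rulebase changes plus any 111008 line that failed to parse."""
    hits = (parse_config_change(line) for line in lines)
    return [h for h in hits if h and (h["rulebase"] or not h["parsed"])]


# Constructed sample lines (hostnames, users and addresses are made up).
SAMPLE = [
    "Jun 01 2007 10:15:02 fw1 %PIX-5-111008: User enable_15 executed the command "
    "access-list outside_in permit tcp any host 192.0.2.10 eq 80",
    "Jun 01 2007 10:15:40 fw1 %PIX-5-111008: User enable_15 executed the command "
    "no access-list outside_in deny ip any any",
    "Jun 01 2007 10:16:05 fw1 %PIX-5-111008: User admin executed the command "
    "logging host inside 192.0.2.50",
    "Jun 01 2007 10:17:11 fw1 %PIX-6-302013: Built outbound TCP connection (constructed body)",
]

if __name__ == "__main__":
    for event in events_of_interest(SAMPLE):
        print(event["user"], "->", event["command"])
```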

