[logs] SIM solution - Objectives ?
Mikael Kuisma
kuisma at ping.se
Mon Jun 4 10:57:15 PDT 2007
Hi Saudi,
To detect changes in your network configuration based on firewall logs, you
can use the ASDIC network traffic analysis system. It registers the standard
traffic and reports changes, based on whatever criteria of your choice. Works
fine on both Stonegate and Firewall-1 logs. It uses a quite neat (and as far
as I know, unique) mechanism of aggregating related log entries, keeping the
output short and concise.
Read more and download it for free from http://info.ping.se
Disclaimer - I am directly involved with the development of ASDIC.
Regards,
Mikael Kuisma, Ping
On 6/2/07, saudi sans <saudisans at gmail.com> wrote:
>
> Hi Dave
>
> That is a very useful link.
>
> Does anyone know a similar resource for other Firewalls like
> Checkpoint and Stonegate which has the details of Audit logs - their
> details? This is basically for writing rules in my SIM software for
> filtering events-of-interest.
>
>