[logs] SIM solution - Objectives ? (Firewall logging)

Marcus J. Ranum mjr at ranum.com
Sun May 27 14:02:52 PDT 2007


Paul Melson wrote:
>Logging 'deny' messages and not 'accept' messages from a firewall is,
>in my opinion, a very outdated way of looking at firewall log data.

Minor nit - I think you meant to write "stupid" not "outdated."
As far back as I can remember (and that's a long way!) some of
us have been saying that permit log entries are more important
than deny. In fact, the first codebase of my first firewall didn't even
bother logging denys because, at the time, I felt that a deny log
message only meant "the firewall is working."

mjr.



More information about the LogAnalysis mailing list