[logs] SIM solution - Objectives ? (Firewall logging)
Marcus J. Ranum
mjr at ranum.com
Tue May 29 13:53:39 PDT 2007
Chris Brenton wrote:
>I agree that permits are usually more important, but don't completely
>discount the denies.
I never discounted the denies. I was merely pointing out that discounting
the permits is really really really dumb. The first version of the firewall
I was referring to (which didn't log denies) was field-test code in the late
1980s...
It's sad that we're even talking about this stuff in 2007. The TCSEC
nailed it all in, what, 1983?
mjr.
More information about the LogAnalysis
mailing list