[logs] SIM Analysis of Firewall Logs
Adrian Grigorof
adi at grigorof.com
Thu Sep 27 12:04:41 PDT 2007
Actually, we went through this before. Here is a list that I compiled
based on that discussion:
http://www.eventid.net/firewalls/MostPopularReports.asp
Regards,
Adrian Grigorof
Altair Technologies Ltd.
www.altairtech.ca
www.eventid.net
saudi sans wrote:
> Hi
>
> we have 6 firewalls - 2 of them facing the Internet, 4 internal
>
> We are analysing their log using a leading SIM solution
>
> Looking for help in identifying meaningful/actionable reports that we
> can get from Firewall log analysis
>
>
> -- From DENY traffic
>
> -- Currently we take daily reports on - Top 10 attacked ports, Top 10
> attacked IPs etc. I am not sure if these Top 10 are meaningful or whether any
> action can be taken using this
>
>
> -- From ACCEPT/PERMIT traffic
> -- I really have no clue on what we can report on this. Top 10 traffic
> generators or something
>
>
> -- Firewall configuration changes
>
> -- Currently we are generating daily reports on changes to rulebase,
> changes to firewall objects etc.
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
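As an added worked example (not part of this thread or either poster's tooling), the script below computes the "Top 10 attacked ports / IPs" reports from the question over constructed DENY/ACCEPT log lines, and derives two reports from the same records that are actionable per entry rather than merely descriptive: sources sweeping many distinct ports, and internal hosts whose outbound traffic the firewall denied. The key=value log format, the addresses and the internal network ranges are assumptions for illustration, not any vendor's format.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in a generic key=value syslog style (not a specific vendor format).
LOG_LINES = """\
action=DENY src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=22
action=DENY src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=23
action=DENY src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=445
action=DENY src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=3389
action=DENY src=198.51.100.4 dst=192.0.2.10 proto=tcp dport=445
action=DENY src=198.51.100.7 dst=192.0.2.11 proto=tcp dport=445
action=DENY src=10.1.5.23 dst=203.0.113.50 proto=tcp dport=6667
action=DENY src=10.1.5.23 dst=203.0.113.51 proto=tcp dport=6667
action=ACCEPT src=10.1.5.40 dst=192.0.2.10 proto=tcp dport=443
""".splitlines()

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse(lines):
    """Turn each line into a dict of its key=value fields; skip lines missing a needed field."""
    records = []
    for line in lines:
        rec = dict(FIELD_RE.findall(line))
        if all(k in rec for k in ("action", "src", "dst", "dport")):
            rec["dport"] = int(rec["dport"])
            records.append(rec)
    return records

def top_n(records, field, action="DENY", n=10):
    """The classic 'Top 10' report: most frequent values of one field for the given action."""
    return Counter(r[field] for r in records if r["action"] == action).most_common(n)

def port_sweepers(records, min_ports=3):
    """Sources whose denied traffic hit at least min_ports distinct ports; a volume Top 10
    hides these when each probe is a single packet."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "DENY":
            ports[r["src"]].add(r["dport"])
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)

def internal_denies(records, internal_nets=("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")):
    """Internal hosts denied outbound (assumed RFC 1918 ranges): each one is a misconfiguration
    or a host trying to reach something policy forbids, so every entry warrants follow-up."""
    nets = [ip_network(n) for n in internal_nets]
    hits = Counter(r["src"] for r in records
                   if r["action"] == "DENY" and any(ip_address(r["src"]) in n for n in nets))
    return hits.most_common()

if __name__ == "__main__":  # daily report over the constructed sample
    recs = parse(LOG_LINES)
    print(top_n(recs, "dport"), top_n(recs, "src"), port_sweepers(recs), internal_denies(recs))
```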