Security Basics mailing list archives

Re: Tools to Analyse Logs in Checkpoint NG


From: c_brauckmiller () LEK COM
Date: Wed, 21 May 2003 12:17:14 -0400



There is one package called Sawmill that claims to examine logs from CheckPoint.
I never had much luck with it...but you may have more luck.  The only downside
is that you have to export the logs to a file before Sawmill will be able to use
them.

WebTrends sells a REALLY nice package for about $2500 that will analyze the hell
out of the logs.  Their product will connect live to the firewall and examine
them on the fly with no need to export the logs.

I say spend the money and get that one especially for multiple firewalls.

Good luck and let us know what you find.

Craig Brauckmiller





E P <enda.purcell () cw com> on 05/21/2003 09:29:09 AM

To:   security-basics () securityfocus com
cc:    (bcc: Craig Brauckmiller/LEK)

Subject:  Tools to Analyse Logs in Checkpoint NG





Hi all,

I am wondering if anybody has or has come across any scripting tools
or good freeware package that can be used to analyse Checkpoint NG
Firewall Log files. I'm faced with the task that I have several
firewalls that I wish to produce reports on things like attack info from
Smartdefence, attacks, usage, top talkers and all that fancy stuff.
Hopefully someone may have come across something that could be used or
easily modified to perform this rather than having to write my own
scripts. I have looked in brief at WebTrends and I don't feel that it is
granular enough for what I want.

thanks


