Security Basics mailing list archives

Re: Firewall Logging question?


From: Kenton Smith <listsks () yahoo ca>
Date: Tue, 20 May 2008 13:44:10 -0700 (PDT)

An example of why you would want this that I always use is: say you have 100 failed attempts and then one successful 
attempt right after. You don't care about the failed ones, but you will likely want to investigate the successful one 
because of where it occurred chronologically. You probably don't want allows logged for places where there will be a 
very high volume of legitimate successes (HTTP connections for instance, unless you aren't running a web server), but 
anywhere where a successful connection is uncommon would be a good place to start.

Kenton

----- Original Message ----
From: Albert R. Campa <abcampa () gmail com>
To: security-basics <security-basics () securityfocus com>
Sent: Monday, May 19, 2008 3:26:35 PM
Subject: Firewall Logging question?

Hi,

I am wondering what your opinion is on Firewall logging for
"Accept/Permit/Allow" rules?

Is it really necessary? Are just the "deny" logs critical?
Say disk space is not in abundance.

Should you not log "accept/permit/allow" firewall rules, or log
everything and have your retention reduced?

What are advantages to logging "accept/permit/allow" rules in a firewall?

Thanks in advance.

Albert
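
Added example, not part of either poster's message: a sketch of the correlation described in the reply, flagging an allowed connection that closely follows a run of denies from the same source while skipping allows to high-volume services. The log format, the sample lines, the function names and the thresholds (3 denies, 10 minutes, port 80 as the busy service) are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a made-up key=value format (no vendor's real format).
SAMPLE_LOG = """\
2008-05-20T12:00:01 DENY src=198.51.100.9 dst=10.0.0.5 dport=23
2008-05-20T12:00:02 DENY src=198.51.100.9 dst=10.0.0.5 dport=445
2008-05-20T12:00:03 DENY src=198.51.100.9 dst=10.0.0.5 dport=3389
2008-05-20T13:30:00 ALLOW src=198.51.100.9 dst=10.0.0.5 dport=22
2008-05-20T13:39:50 ALLOW src=192.0.2.15 dst=10.0.0.5 dport=22
2008-05-20T13:40:01 DENY src=203.0.113.7 dst=10.0.0.5 dport=23
2008-05-20T13:40:02 DENY src=203.0.113.7 dst=10.0.0.5 dport=445
2008-05-20T13:40:03 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389
2008-05-20T13:40:04 DENY src=203.0.113.7 dst=10.0.0.5 dport=1433
2008-05-20T13:40:05 ALLOW src=203.0.113.7 dst=10.0.0.8 dport=80
2008-05-20T13:40:09 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22
"""

def parse(line):
    """Split one sample line into (timestamp, action, fields)."""
    ts, action, *pairs = line.split()
    return datetime.fromisoformat(ts), action, dict(p.split("=", 1) for p in pairs)

def allows_after_denies(log_text, min_denies=3, window=timedelta(minutes=10),
                        busy_ports=frozenset({"80"})):
    """Return allowed connections that closely follow a run of denies from the same source.

    Assumes lines are in chronological order. Allows to busy_ports are skipped,
    mirroring the advice not to log allows for high-volume services.
    """
    recent = defaultdict(deque)   # source IP -> timestamps of its recent denies
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        when, action, f = parse(line)
        denies = recent[f["src"]]
        while denies and when - denies[0] > window:   # drop denies outside the window
            denies.popleft()
        if action == "DENY":
            denies.append(when)
        elif action == "ALLOW" and f["dport"] not in busy_ports:
            if len(denies) >= min_denies:
                hits.append((when.isoformat(), f["src"], f["dst"], f["dport"], len(denies)))
                denies.clear()    # one alert per run of denies
    return hits

if __name__ == "__main__":
    for hit in allows_after_denies(SAMPLE_LOG):
        print("investigate: %s %s -> %s:%s after %d denies" % hit)
```

With only deny logging, the 13:40:09 connection in the sample would leave no record at all, which is the case the reply argues for capturing.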




