Security Basics mailing list archives
Re: Firewall Logging question?
From: Kenton Smith <listsks () yahoo ca>
Date: Tue, 20 May 2008 13:44:10 -0700 (PDT)
An example of why you would want this that I always use is: say you have 100 failed attempts and then one successful attempt right after. You don't care about the failed ones, but you will likely want to investigate the successful one because of where it occurred chronologically. You probably don't want allows logged for places where there will be a very high volume of legitimate successes (HTTP connections for instance, unless you aren't running a web server), but anywhere where a successful connection is uncommon would be a good place to start.

Kenton

----- Original Message ----
From: Albert R. Campa <abcampa () gmail com>
To: security-basics <security-basics () securityfocus com>
Sent: Monday, May 19, 2008 3:26:35 PM
Subject: Firewall Logging question?

Hi,

I am wondering what your opinion is on Firewall logging for "Accept/Permit/Allow" rules? Is it really necessary? Are just the "deny" logs critical? Say disk space is not in abundance. Should you not log "accept/permit/allow" firewall rules, or log everything and have your retention reduced? What are advantages to logging "accept/permit/allow" rules in a firewall?

Thanks in advance.

Albert
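
The pattern described in the reply above (a run of denied attempts followed by one accepted connection from the same source) can only be found if accepts are logged. The following is an added example, not part of the original thread, that flags that pattern over constructed log lines; the log format, function names, thresholds and the noisy-port list are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical format: "<ISO time> <ACTION> <src> <dst> <dport>"
SAMPLE_LOG = """\
2008-05-20T12:00:00 DENY 198.51.100.9 192.0.2.10 25
2008-05-20T13:00:00 DENY 203.0.113.7 192.0.2.10 23
2008-05-20T13:00:05 DENY 203.0.113.7 192.0.2.10 3389
2008-05-20T13:00:10 DENY 203.0.113.7 192.0.2.10 445
2008-05-20T13:00:15 DENY 203.0.113.7 192.0.2.10 21
2008-05-20T13:00:20 ACCEPT 203.0.113.7 192.0.2.10 22
2008-05-20T13:01:00 DENY 203.0.113.50 192.0.2.20 8080
2008-05-20T13:01:01 DENY 203.0.113.50 192.0.2.20 8443
2008-05-20T13:01:02 DENY 203.0.113.50 192.0.2.20 21
2008-05-20T13:01:03 ACCEPT 203.0.113.50 192.0.2.20 80
2008-05-20T13:30:00 ACCEPT 198.51.100.9 192.0.2.10 25
"""

def parse(line):
    """Split one log line into (timestamp, action, src, dst, dport)."""
    ts, action, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), action.upper(), src, dst, int(dport)

def accepts_after_denies(lines, min_denies=3, window=timedelta(minutes=5),
                         noisy_ports=frozenset({80})):
    """Return ACCEPT events preceded by >= min_denies DENYs from the same
    source inside `window`. Ports in noisy_ports (high-volume legitimate
    traffic such as HTTP on a web server) are skipped, as the reply suggests."""
    recent = defaultdict(deque)  # src -> timestamps of its recent DENYs
    hits = []
    for line in lines:  # lines are assumed to be in chronological order
        if not line.strip():
            continue
        ts, action, src, dst, dport = parse(line)
        denies = recent[src]
        while denies and ts - denies[0] > window:  # expire old denies
            denies.popleft()
        if action == "DENY":
            denies.append(ts)
        elif action == "ACCEPT" and dport not in noisy_ports \
                and len(denies) >= min_denies:
            hits.append((ts, src, dst, dport, len(denies)))
            denies.clear()
    return hits

if __name__ == "__main__":
    for ts, src, dst, dport, n in accepts_after_denies(SAMPLE_LOG.splitlines()):
        print(f"{ts} ACCEPT {src} -> {dst}:{dport} after {n} denies")
```

Running the same function over only the DENY lines returns nothing, which is the cost of dropping accept logging to save disk space.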