Firewall Wizards mailing list archives

Re: Firewall Log Analysis


From: "Chuck Swiger" <chuck () codefab com>
Date: Fri, 14 Jan 2000 14:57:14 -0500

On Thu, 13 Jan 2000 10:35:45 +0530, VN_Sabarinath () satyam-infoway com wrote:
I administer 5 remote firewalls and wish to do separate centralized analysis
of the logfiles to generate custom reports.

To get the log files, I propose to regularly FTP the files (in zipped
version, once a day, automatically) from the firewalls to a centralised
machine. This machine runs a log analysis software. The report may be FTP'ed
back or put up on a website.

1) Are there any better approaches to do this?

Well, I would highly recommend using scp (part of the SSH distribution)
instead of FTP to move the files around.  That way, you don't have to run an
FTP daemon on your log analyzer machine.

Another perhaps not-so-minor benefit is that your logfiles are encrypted in
transit, which means that an attacker cannot see whether his attempts have
created log messages (by packet sniffing) nor can the attacker easily steal
the connection and spoof false logs to hide his tracks.

-Chuck

       Chuck 'Sisyphus' Swiger | chuck () codefab com | Bad cop!  No Donut.
       ------------------------+-------------------+--------------------
       I know that you are an optimist if you think I am a pessimist....
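As an added example that is not part of this thread, here is a POSIX shell script for the collector side of the approach Chuck recommends: once a day it pulls each firewall's previous-day compressed log over scp with a dedicated key (no FTP daemon on either end, contents encrypted in transit) and then checks the copy against a digest written beside the archive. The five host names, the logpull account, the key and spool paths, the archive naming and the use of sha256sum are all assumptions.

```shell
#!/bin/sh
# Daily pull of yesterday's compressed firewall log from each remote firewall
# over scp, followed by an integrity check, for a central log analyzer host.
# Hypothetical names: host list, 'logpull' account, remote/local paths and the
# fw-YYYYMMDD.log.gz naming are assumptions, not from the original thread.
set -eu

FIREWALLS="${FIREWALLS:-fw1.example.net fw2.example.net fw3.example.net fw4.example.net fw5.example.net}"
PULL_USER="${PULL_USER:-logpull}"                # unprivileged account on each firewall
PULL_KEY="${PULL_KEY:-/var/log-collector/.ssh/id_logpull}"  # key used only for pulls
REMOTE_DIR="${REMOTE_DIR:-/var/log/fw/archive}"  # where the firewall's rotation drops archives
SPOOL="${SPOOL:-/var/log-collector/spool}"       # local spool read by the analysis software

# Archive name for a given day, matching the firewall's nightly rotation (assumed).
log_name_for() {                                 # $1 = YYYYMMDD
    printf 'fw-%s.log.gz\n' "$1"
}

# Copy one remote file. scp rides on SSH, so the log is encrypted in transit.
# BatchMode prevents password prompts from hanging an unattended cron job.
# Redefine this function (e.g. as cp) to exercise the script without a network.
fetch_one() {                                    # $1 = host, $2 = remote path, $3 = local path
    scp -q -i "$PULL_KEY" -o BatchMode=yes "$PULL_USER@$1:$2" "$3"
}

# Compare the local copy with the .sha256 digest file written beside the
# archive on the firewall; a mismatch means a truncated or altered transfer.
verify_one() {                                   # $1 = local file, $2 = local .sha256 file
    want=$(awk '{print $1}' "$2")
    got=$(sha256sum "$1" | awk '{print $1}')     # GNU coreutils assumed
    [ "$want" = "$got" ]
}

# Pull and verify yesterday's log from every firewall into $SPOOL/<host>/.
# Returns non-zero if any host failed, so cron reports the failed run.
collect_logs() {                                 # $1 = YYYYMMDD
    name=$(log_name_for "$1"); rc=0
    for host in $FIREWALLS; do
        dest="$SPOOL/$host"; mkdir -p "$dest"
        if fetch_one "$host" "$REMOTE_DIR/$name" "$dest/$name" \
           && fetch_one "$host" "$REMOTE_DIR/$name.sha256" "$dest/$name.sha256" \
           && verify_one "$dest/$name" "$dest/$name.sha256"; then
            echo "ok   $host $name"
        else
            echo "FAIL $host $name" >&2; rm -f "$dest/$name"; rc=1
        fi
    done
    return $rc
}
```

On each firewall, the pull key's line in authorized_keys can carry a `command=` forced command so that the collector's key can only read the archive directory, which limits what a compromised analyzer host could do with it.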
