Firewall Wizards mailing list archives
Re: What's the best?
From: "Paul D. Robertson" <proberts () patriot net>
Date: Fri, 17 Jan 2003 21:41:54 -0500 (EST)
On Thu, 9 Jan 2003, Manlio Frizzi wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hello all you Wizard! I've seen that there are a lot of tools for reading IPTABLES Log files (ie entry in /var/log/messages) Some inside the GUI (Firestarter), some with simple http output some with http+php4+MySQL..... What's the best?
I don't think it much matters what you use to review logs, so long as it doesn't extend your vulnerability. For instance, PHP is probably best avoided on critical systems. Databasing logs can make Denial-of-Service attacks easier, but may also help with analysis in some instances. I'd be wary of having to have a Web server function to be able to find out my system or network was under attack. But if having them (on a different machine hopefully inside the firewall) meant the difference between the logs being reviewed and them not being checked, or if you just wanted HTML for formatting, and weren't using a server to serve them, that'd be an individual choice. HTH, Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- What's the best? Manlio Frizzi (Jan 17)
- Re: What's the best? Paul D. Robertson (Jan 18)
- Re: What's the best? Gene Yoo (Jan 18)