Firewall Wizards mailing list archives

Re: What's the best?


From: "Paul D. Robertson" <proberts () patriot net>
Date: Fri, 17 Jan 2003 21:41:54 -0500 (EST)

On Thu, 9 Jan 2003, Manlio Frizzi wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hello all you Wizards!
> I've seen that there are a lot of tools for
> reading IPTABLES log files (i.e. entries in /var/log/messages).
> Some inside the GUI (Firestarter), some with simple http output,
> some with http+php4+MySQL.....
>
> What's the best?

I don't think it much matters what you use to review logs, so long as it 
doesn't extend your vulnerability.  For instance, PHP is probably best 
avoided on critical systems.  Databasing logs can make Denial-of-Service 
attacks easier, but may also help with analysis in some instances.

I'd be wary of having to have a Web server function to be able to find out 
my system or network was under attack.  But if having them (on a different 
machine hopefully inside the firewall) meant the difference between the 
logs being reviewed and them not being checked, or if you just wanted HTML 
for formatting, and weren't using a server to serve them, that'd be an 
individual choice.

HTH,

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
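
One way to get HTML-formatted iptables log review with no Web server, PHP or database involved, along the lines the reply above allows for. This is an added example, not part of the original thread and not code from any tool named in it; the function names, the `MAX_KEYS` cap and the sample log lines are assumptions made for illustration.

```python
import html
import re
from collections import Counter

KV = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=VALUE fields written by the LOG target
MAX_KEYS = 10000  # assumed cap: a flood of spoofed sources cannot grow memory unbounded

# Constructed sample input (documentation addresses); the last line imitates a
# forged entry from a remote syslog sender carrying markup in a field.
SAMPLE = """\
Jan 17 21:40:01 fw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN
Jan 17 21:40:02 fw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40001 DPT=22 SYN
Jan 17 21:40:05 fw kernel: DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Jan 17 21:40:09 fw sshd[311]: Accepted publickey for admin from 198.51.100.9
Jan 17 21:40:11 fw kernel: DROP: IN=eth0 OUT= SRC=<script>x</script> DST=198.51.100.5 PROTO=UDP DPT=53
"""

def summarize(lines, max_keys=MAX_KEYS):
    """Count hits per (SRC, PROTO, DPT); return (counts, entries dropped by the cap)."""
    counts, overflow = Counter(), 0
    for line in lines:
        if "kernel:" not in line or " SRC=" not in line:
            continue                      # not an iptables LOG entry
        f = dict(KV.findall(line))
        key = (f.get("SRC", "?"), f.get("PROTO", "?"), f.get("DPT", "-"))
        if key not in counts and len(counts) >= max_keys:
            overflow += 1                 # tally what was skipped instead of storing it
            continue
        counts[key] += 1
    return counts, overflow

def render_html(counts, overflow):
    """Build a static page; every log-derived value is escaped before output."""
    rows = "".join(
        "<tr><td>%s</td><td>%s</td><td>%s</td><td>%d</td></tr>\n"
        % (*(html.escape(v) for v in key), n)
        for key, n in counts.most_common())
    return ("<!DOCTYPE html><title>iptables summary</title>\n<table>\n"
            "<tr><th>SRC</th><th>PROTO</th><th>DPT</th><th>hits</th></tr>\n"
            + rows + "</table>\n<p>Entries skipped (key cap reached): %d</p>\n"
            % overflow)

if __name__ == "__main__":
    # Redirect to a file and open it locally; nothing has to serve it.
    print(render_html(*summarize(SAMPLE.splitlines())))
```

To run it against real data, pass the lines of /var/log/messages to `summarize()` in place of the sample, ideally on a separate review machine as the reply suggests.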

