Penetration Testing mailing list archives
Re: Auditing / Logging
From: "Don Parker" <dparker () rigelksecurity com>
Date: Mon, 12 Jan 2004 13:17:14 -0500 (EST)
The simplest solution would be to simply log all activity using tcpdump in binary format. This decreases the file size, is faster, and allows you to manipulate it after. You can also input this binary log into any protocol analyzer afterwards as well, i.e.: ethereal, etherpeek nx and the such. Doing the above also gives you and your client a copy of exactly what it is you have done during your pen test should there be any questions/complaints.

Cheers

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------

On Jan 12, "n30" <n30_lists () hotmail com> wrote:

Folks,

What software do you recommend for auditing / logging while performing pen-test assessment. I am interested in both network and application level logging.

Thanks
-N
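The reply above recommends keeping the tcpdump binary log as a record of the engagement. As an added example (not part of the original post), this sketch reads such a classic pcap file and produces the evidence metadata a tester would file with it: a SHA-256 of the capture, the packet count and the time window covered. The function names and the two-packet sample capture are constructed for this example.

```python
import hashlib
import struct
from datetime import datetime, timezone

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap format, microsecond timestamps


def make_sample_pcap():
    """Constructed two-packet capture: little-endian, Ethernet link type."""
    data = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts_sec, frame in ((1073931434, b"\x00" * 60), (1073931500, b"\x11" * 42)):
        data += struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)) + frame
    return data


def summarize_pcap(data):
    """Return hash, packet count, byte total and time window of a capture."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        endian = ">"  # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    offset, stamps, captured, truncated = 24, [], 0, False
    while offset < len(data):
        if offset + 16 > len(data):
            truncated = True  # partial record header at end of file
            break
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            truncated = True  # capture stopped mid-write
            break
        stamps.append(ts_sec + ts_usec / 1_000_000)
        captured += incl_len
        offset += 16 + incl_len

    def iso(ts):
        return datetime.fromtimestamp(ts, timezone.utc).isoformat()

    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "packets": len(stamps),
        "captured_bytes": captured,
        "first_packet": iso(stamps[0]) if stamps else None,
        "last_packet": iso(stamps[-1]) if stamps else None,
        "truncated": truncated,
    }
```

Recording the hash when the capture is closed lets both tester and client later confirm the file they are reviewing is the one written during the test.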
Current thread:
- Auditing / Logging n30 (Jan 12)
- Re: Auditing / Logging Peter Hsu (Jan 12)
- <Possible follow-ups>
- Re: Auditing / Logging Don Parker (Jan 12)
- Re: Auditing / Logging R. DuFresne (Jan 12)
- Re: Auditing / Logging Don Parker (Jan 12)
- Re: Auditing / Logging Frank Knobbe (Jan 13)
- RE: Auditing / Logging Rob Shein (Jan 18)
- RE: Auditing / Logging Steve Armstrong (Jan 20)
- RE: Auditing / Logging Rob Shein (Jan 20)
- Re: Auditing / Logging Travis Schack (Jan 12)
- Re: Auditing / Logging Steve Shah (Jan 13)
- Re: Auditing / Logging cdowns (Jan 13)
- Re: Auditing / Logging Steve Shah (Jan 13)
- Re: Auditing / Logging Don Parker (Jan 13)