From owner-freebsd-security Tue Sep 19 5:40:18 2000
Delivered-To: freebsd-security@freebsd.org
Received: from sunny.fishnet.com (sunny.fishnet.com [209.150.200.6])
    by hub.freebsd.org (Postfix) with ESMTP id CEE3E37B42C
    for ; Tue, 19 Sep 2000 05:40:16 -0700 (PDT)
Received: from walleye.corp.fishnet.com (209.150.192.114)
    by sunny.fishnet.com (5.0.048) id 39A431C7000DE6E6
    for security@freebsd.org; Tue, 19 Sep 2000 07:40:11 -0500
Message-ID:
From: "Hudson, Henrik H."
To: "'security@freebsd.org'"
Subject: IPFW Log Auditing?
Date: Tue, 19 Sep 2000 07:42:54 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Morning List-

I have been trying to find something that will do log auditing/scanning of already existing IPFW logs. Does such a tool exist? There is IPLOG, but doesn't that generate its own logs and scan those? Or snort, but that's almost like IPLOG, right? Of course, I could be reading the FAQs backwards too.

While on this subject, if I have to use something like IPLOG/snort, does this still capture info about packets that IPFW has denied? What's the performance decrease on a machine that is running IPFW rules and iplog? Anything noticeable besides increased disk space needs?

Any other thoughts I should be having?

Thanks for your time.

Henrik
hhudson@eschelon.com