Date: Tue, 19 Sep 2000 07:58:56 -0700 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: "Hudson, Henrik H." <hhudson@eschelon.com> Cc: "'security@freebsd.org'" <security@FreeBSD.ORG> Subject: Re: IPFW Log Auditing? Message-ID: <200009191459.e8JExlb06601@cwsys.cwsent.com> In-Reply-To: Your message of "Tue, 19 Sep 2000 07:42:54 CDT." <C1781C38F13DA040848FEFAD07311B101B64D9@walleye.corp.fishnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <C1781C38F13DA040848FEFAD07311B101B64D9@walleye.corp.fishnet. com>, " Hudson, Henrik H." writes: > Morning List- > > I have been trying to find something will do log auditing/scanning of > already existing IPFW logs? Does such a tool exist? > > There is IPLOG, but doesn't that generate it's own logs and scan those? or > snort, but that's almost like IPLOG, right? Of course, I could be reading > the FAQ's backwards too. > > While on this subject, if I have to use something like IPLOG/snort, does > this still capture info about packets that IPFW has denied? What's the > performance decrease on a machine that is running IPFW rules and iplog? > anything noticable besides increased disk space needs? > > Any other thoughts I should be having? Take a look at swatch. At home I run it daily to produce a colourized listing of my firewall logs. At work we run it as a daemon to initiate automated call-out to our pager/cell phones. The next phase of our automated logging project will use swatch to open Remedy tickets. Swatch is in the ports collection. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009191459.e8JExlb06601>