Henrik Bergstrom wrote:
> What is the most common method used by "standalone" firewalls to generate
> log files? (With "standalone" I mean firewalls which have no local
> secondary storage, e.g. hard disk.)
> 
> I think that Cisco's PIX uses syslog, but what do others use? Proprietary
> protocols? SNMP? Is a separate network interface used for the traffic or
> is it sent on the internal network or the DMZ?
> 
> What is normally logged by a firewall? Say, if a TCP connection is denied,
> is the packet containing the SYN-segment logged together with the MAC
> addresses and all or is only the IP-addresses and an event logged? Do most
> people use minimal logging under normal circumstances and then increase
> the logging when "under attack" for example?

I don't know about other firewalls on other systems, but with FW-1 on
Solaris I simply forward a "realtime continuous log output" (i.e. "fw log
-ft") to the syslog daemon and into a central syslog server. I suppose this
can be achieved with most firewalls running Unix, not sure about NT and
other systems.

Regards

-- 
Rui Pedro Bernardino / Av. Miguel Bombarda, 4, 8o / 1049-058 Lisboa /
Portugal 

Gold's Law:
        If the shoe fits, it's ugly.
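
The forwarding described in the reply above, as an added example that is not part of the original message: a wrapper that reads a firewall's real-time log stream and hands each line to the local syslog daemon with `logger`, logging denied connections at a higher priority. The facility `local4`, the tag `fw1`, the action keywords matched and the host name `loghost` are assumptions.

```shell
#!/bin/sh
# Added example: forward a firewall's live log stream to syslog.
# Assumptions (not from the original message): facility local4, tag "fw1",
# and that each log line carries an action word such as drop/reject/accept.

FACILITY="${FACILITY:-local4}"
TAG="${TAG:-fw1}"

# Map one log line to a syslog priority: denied traffic goes to "warning",
# everything else to "info", so the central server can filter on level.
pick_priority() {
    case " $1 " in
        *" drop "*|*" reject "*) printf '%s.warning\n' "$FACILITY" ;;
        *)                       printf '%s.info\n' "$FACILITY" ;;
    esac
}

# Read log lines on stdin and pass each one to the local syslog daemon.
# Blank lines are skipped. Set LOGGER=echo for a dry run that prints the
# logger arguments instead of sending anything.
forward_stream() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        ${LOGGER:-logger} -t "$TAG" -p "$(pick_priority "$line")" -- "$line"
    done
}

# Run on the firewall host as:  sh thisscript --run
# ("fw log -ft" is the command quoted in the message above.)
if [ "${1:-}" = "--run" ]; then
    fw log -ft | forward_stream
fi

# The local syslogd relays to the central server with a syslog.conf entry
# such as the following (tab-separated; "loghost" is a placeholder name):
#   local4.debug	@loghost
```
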
