I have not used it myself, but you should take a look at: http://www.ginini.com/software/fwlogsum/
Don't know about portscans, attacks, etc. but it seems to extract a good deal of info from the logs. J. >From: Daniel Schade <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 ><[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: [FW-1] Log evaluation >Date: Mon, 8 Apr 2002 07:50:26 +0200 > >Hi has anyone good perl scripts etc. for log evaluation from checkpoint box >4.1 >Portscans, attacks and so on... > >Thanks > _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
