I am looking for a FW-1 log analysis tool.
In particular, I am looking for a tool which highlights the security incidents
from a firewall-1 log; I don't care about bandwidth utilisation, web site hits,
top X sources/destinations (except where this might indicate a scan/hack
attempt).
I am specifically looking for something that lets me focus on the Security
incidents in the log (as (initially) shown by Scans). I have other logs that
show me attempts against Bind, Syslog, SMTP etc, but the tools for Firewall-1
seem to be focussed towards Mgmt & accounting, not security.
I am hoping that someone has a perl script that they already use for this...
Please note: I am currently receiving over 1,500,000 lines of (already abridged)
logs each day, with an additional 5-10 million lines to come each day as soon as
I get the log filter working correctly. This number will only grow over time,
and I would not be surprised to be receiving 50-80 million lines per day within
12 months!
Scott McHenry,
Sys Eng / CSC
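The kind of scan-highlighting the post asks for, as an added example (Python rather than the requested Perl, and not code from the poster or from Check Point): it streams drop/reject lines, keeps a short per-source window so memory stays bounded at the stated volumes, and flags one source touching many services on a host or one service across many hosts. The log layout and sample lines are constructed assumptions, not the real FW-1 export format.

```python
# Added example: flag port scans and host sweeps in FireWall-1 style drop logs.
# Assumed whitespace-separated layout (constructed for this example):
#   date time action src dst proto service   e.g. "14Mar2001 10:22:31 drop ..."
# Only drop/reject lines are scored; a per-source sliding window bounds memory.
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SEC = 60     # look-back per source
PORT_THRESHOLD = 5  # distinct services on one host within the window -> portscan
HOST_THRESHOLD = 5  # distinct hosts on one service within the window -> sweep

def parse_line(line):
    """Return (ts, src, dst, service) for a dropped/rejected line, else None."""
    p = line.split()
    if len(p) < 7 or p[2] not in ("drop", "reject"):
        return None
    return datetime.strptime(p[0] + " " + p[1], "%d%b%Y %H:%M:%S"), p[3], p[4], p[6]

def find_scans(lines):
    """Return [(src, kind, target, count)], one alert per src/kind/target."""
    recent = defaultdict(deque)  # src -> (ts, dst, service), oldest first
    alerts, seen = [], set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, svc = rec
        q = recent[src]
        q.append((ts, dst, svc))
        while (ts - q[0][0]).total_seconds() > WINDOW_SEC:  # expire old entries
            q.popleft()
        ports, hosts = defaultdict(set), defaultdict(set)
        for _, d, s in q:
            ports[d].add(s)  # services probed on each host
            hosts[s].add(d)  # hosts probed on each service
        for kind, table, limit in (("portscan", ports, PORT_THRESHOLD),
                                   ("sweep", hosts, HOST_THRESHOLD)):
            for target, members in table.items():
                if len(members) >= limit and (src, kind, target) not in seen:
                    seen.add((src, kind, target))
                    alerts.append((src, kind, target, len(members)))
    return alerts

# Constructed sample: 10.1.1.9 probes six services on one host, 10.1.1.7 hits
# one service on six hosts, and one accepted line that must be ignored.
SAMPLE_LOG = (
    ["14Mar2001 10:22:%02d drop 10.1.1.9 192.0.2.10 tcp %d" % (i, 21 + i) for i in range(6)]
    + ["14Mar2001 10:23:%02d drop 10.1.1.7 192.0.2.%d tcp 139" % (i, 20 + i) for i in range(6)]
    + ["14Mar2001 10:24:00 accept 10.1.1.8 192.0.2.1 tcp 80"]
)
```

Tune the thresholds and window to the site's normal noise; a single alert per source/kind/target keeps a noisy scanner from flooding the output.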
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================