Scott,

See http://www.wittys.com/fw-1/intrusion.html or
http://www.enteract.com/~lspitz/pubs.html .  Both of these sites include
Lance Spitzner's whitepapers on adding rudimentary intrusion detection
to Firewall-1 (using automated log file analysis).  Hope this helps!

Jason
http://www.wittys.com

[EMAIL PROTECTED] wrote:
> 
> I am looking for a FW-1 log analysis tool.
> 
> In particular, I am looking for a tool which highlights the security incidents
> from a firewall-1 log, I don't care about bandwidth utilisation, web site hits,
> top X sources/destinations (except where this might indicate a scan/hack
> attempt.)
> 
> I am specifically looking for something that lets me focus on the Security
> incidents in the log (as (initially) shown by Scans). I have other logs that
> show me attempts against Bind, Syslog, SMTP etc, but the tools for Firewall-1
> seem to be focussed towards Mgmt & accounting, not security.
> 
> I am hoping that someone has a perl script that they already use for this...
> 
> Please note: I am currently receiving over 1,500,000 lines of (already abridged)
> logs each day, with an additional 5-10 million lines to come each day as soon as
> I get the log filter working correctly. This number will just grow over time,
> and I would not be surprised to be receiving 50-80 million lines per day within
> 12 months!
> 
> Scott McHenry,
> Sys Eng / CSC
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

