I don't think its "just a log parser". From what I understand, it processes new log
entries in realtime.
It requires the ELA proxy as a result, and I remember something about CADS...but I
don't think
it was very usefull in practice.
Another reason to keep the ELA proxy turned on (assuming you want MAD sending you
pages etc)
----- Original Message -----
From: "Drew Simonis" <[EMAIL PROTECTED]>
To: "Carl E. Mankinen" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, October 31, 2000 3:38 PM
Subject: Re: [FW1] MAD?
>
> "Carl E. Mankinen" wrote:
> >
> > From I was told, it builds table entries of it's own for all the connections thru
>the firewall and
> > works somewhat independently of the inspect engine. It also hooks into the logging
>daemon
> > and detects log entries.
> >
>
> IIRC CPMAD is a simple log parser. It does no more than go through
> logged events and apply the criteria to them, looking for things
> that meet its settings. Nothing exciting to it. As far as its
> picky config file and the odd memory issues, I was told the same
> thing.
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
