Greetings!
Some thoughts about LOG rotation and management.
We have an Enterprise Management Console running on a WIN2K Server platform.
It currently manages five Firewalls; number six is on order. These Firewalls
are all NOKIA platforms (a mix of 440s and 330s) that are both on premise
and remote. All gear is FW-1 4.1 SP2, IPSO 3.2.1-fcs1 on all NOKIA boxes.
Now here's where I'm looking for input. Managing five Firewalls leads to
LARGE log files. If I logswitch daily, would it be better to archive the
*.*LOG and *.*LOGPTR files for 'research' purposes or logexport them to a
comma delimited file and do 'research' through a spreadsheet or database
utility?
I've also found it to be a little cumbersome to sift through a log and 'pick
out' only events captured from FW-acbxyf. So is it better to have all
Firewalls log to the Management Console or log independently, then perform
the logswitch / logexport / ftp to archive from each Firewall?
I'd love to hear your thoughts and 'landmines' that you've encountered with
the LOGs.
Thanks for any input.
JEH