Greetings!

> > I've also found it to be a little cumbersome to sift through a log and
> > 'pick out' only events captured from FW-acbxyf. So is it better to have
> > all Firewalls log to the Management Console or log independently, then
> > perform the logswitch / logexport / ftp to archive from each Firewall?

I found it very convenient to have all logs (no matter whether FW, proxy, Webserver)
archived off in (gzipped) plain ASCII format after they became older than ~two
weeks - possibly to CD-Rs.  With this you can easily run statistics on them (most
tools can import ASCII data) or do a late-analysis on your local workstation.

So if you prefer doing analysis in CKP's LogViewer, you may want to opt for logging
on(to) the central Mgmt console - but if you prefer Unix text tools (mainly (f)grep
and cut, sometimes perl), I'd recommend the second suggestion. With the latter you
automatically have your files sorted by machine for archiving them off - which might
become a bit more difficult if you first collect them on a single Mgmt box.

Bye
    Volker

--

Volker Tanger  <[EMAIL PROTECTED]>
 Wrangelstr. 100, 10997 Berlin, Germany
    DiSCON GmbH - Internet Solutions
         http://www.discon.de/
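
The per-machine sorting discussed in the message above, as an added example that is not part of the original post: logs collected on one management box and exported to ASCII can still be split by originating firewall before archiving. The `;`-delimited layout with an `orig` header column, the sample rows, and the names `write_sample` and `split_by_origin` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): split a merged ASCII log
# export into one gzipped file per originating firewall.
# Assumption: ';'-delimited text whose header row names an "orig" column.

write_sample() {   # $1 = path; rows below are constructed for illustration
    cat > "$1" <<'EOF'
num;date;time;orig;action;proto;src;dst;service
1;12Mar2001;10:01:12;FW-acbxyf;accept;tcp;10.1.1.5;192.0.2.10;http
2;12Mar2001;10:01:15;FW-branch2;drop;udp;10.2.0.9;192.0.2.53;domain
3;12Mar2001;10:02:40;FW-acbxyf;drop;tcp;198.51.100.7;10.1.1.5;telnet
4;12Mar2001;10:03:02;FW branch/3;accept;tcp;10.2.0.9;192.0.2.10;http
EOF
}

split_by_origin() {   # $1 = merged export, $2 = output directory
    mkdir -p "$2" || return 1
    awk -F';' -v dir="$2" '
        NR == 1 {
            # Find the origin column by name rather than by fixed position.
            for (i = 1; i <= NF; i++) if ($i == "orig") col = i
            if (!col) { print "no orig column in header" > "/dev/stderr"; exit 2 }
            header = $0
            next
        }
        {
            name = $col
            # Filename-safe characters only: a log field must not pick the path.
            gsub(/[^A-Za-z0-9._-]/, "_", name)
            if (name == "") name = "unknown"
            out = dir "/" name ".log"
            if (!(name in seen)) { print header > out; seen[name] = 1 }
            print > out
        }
    ' "$1" || return 1
    gzip -f "$2"/*.log
}

# Demo run on the constructed sample.
demo=$(mktemp -d)
write_sample "$demo/merged.txt"
split_by_origin "$demo/merged.txt" "$demo/by-fw"
ls "$demo/by-fw"
```

Each archive keeps the header row, so the usual text tools still work per firewall, e.g. `gzip -dc by-fw/FW-acbxyf.log.gz | cut -d';' -f5 | sort | uniq -c` to count actions.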



