Network Security: Detailed info on Re: Firewall Logs

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Firewalls

[Top] [All Lists]

Re: Firewall Logs

from [Dave Killion] Network Security

[Permanent Link]

Subject:	Re: Firewall Logs
Date:	Thu, 30 Sep 2004 14:34:27 -0700

NetScreen's, like most devices, have a finite amount of memory
allocated for the storing of logs.  When the log buffer gets full, the
oldest logs will spool off.  If some sort of external logging system
is not set up, these logs are lost for all time.

All policies share the same log buffer space.  If you have logging set
on a very active policy, it will quickly fill up the log, causing log
entries on other policies to spool off the backside.

I would recommend you set up some sort of external logging mechanism
such as syslog and save your log files to it.  This way, all of your
logs are always saved.

Another idea would be to turn off logging on your any/any policies,
and only turn logging on for policies where you're concerned about
violations.

-- 
-Dave

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Wierd ICMP in logs, Mark Re: Wierd ICMP in logs, GSimmonds ICMP timestamps (Re: Wierd ICMP in logs), Martin Mačok Re: ICMP timestamps (Re: Wierd ICMP in logs), GSimmonds Re: ICMP timestamps (Re: Wierd ICMP in logs), James Riden Re: Wierd ICMP in logs, Jose Maria Lopez Firewall Logs, Sumanram K Re: Firewall Logs, Dave Killion <= Re: Wierd ICMP in logs, Marius Huse Jacobsen Re: Wierd ICMP in logs, Can Erkin Acar

Previous by Date:	AAA authentication, Dan Tesch
Next by Date:	RE: PIX Setup with PAT, Bradley D. Moore
Previous by Thread:	Firewall Logs, Sumanram K
Next by Thread:	Re: Wierd ICMP in logs, Marius Huse Jacobsen
Indexes:	[Date] [Thread] [Top] [All Lists]