Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Checkpoint NG FP2 to syslog

from [Deepak Kumar] Network Security [Permanent Link]
Subject: Re: Checkpoint NG FP2 to syslog
Date: Thu, 14 Apr 2005 19:02:45 +0800 
Hi
Please have a look on this article.

http://www.syslog.org/PNphpBB2+viewtopic-t-118.phtml

deepak


On 4/11/05, Volker Tanger <vtlists@wyae.de> wrote:

Greetings!

On Fri, 08 Apr 2005 16:13:24 +0800
"tito.basa" <mochafrap@mix.ph> wrote:


been trying to figure out how to send logs
from Checkpoint NG FP2 (solaris) to a central
syslog/analyzer to no avail


Of course you can forward the (local) syslog to a remote syslog server -
but I guess you wanted to include the firewall logs, too?

Well, bad luck. Not supported by default.

There are two ways around this, though:

One is to export the log at the end of every day and file that into
syslog. But this way you won't get any live logging (what you probably
want).

The other option is to "log" everything with a user defined script.
While introducing some server load with this (a program is fired up with
every single session opened or packet dropped), you can file the logs
into syslog. See http://www.wyae.de/docs/fw1syslog.php for details.

I'm not sure wether the "logger" tool is the same on Solaris polatforms,
though. Please check with a test entry before switching in a productive
environment.

Bye

Volker

--

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@wyae.de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  NAT with out crossing a firewall., Matthew MacAulay
Next by Date:  Firewall Rulebase Testing, Yoanne LE MERCIER
Previous by Thread:  Re: Checkpoint NG FP2 to syslog, tito.basa
Next by Thread:  CISCO PIX problem, yogeen
Indexes:  [Date] [Thread] [Top] [All Lists]