Re: analyzing firewall logs in a database
Csiri (Csiri katherine.nepszabadsag.hu)
Tue, 16 Feb 1999 16:49:32 +0100
-----Original Message-----
From: Don Turnbull <donturn fis.utoronto.ca>
To: Firewall-wizards <firewall-wizards nfr.net>
Date: 16 February 1999, 4:22
Subject: analyzing firewall logs in a database
>Hi,
>
>Being relatively new to working with firewalls (but learning a lot by
>listening to posts!), I'd like to ask if anyone has experience importing
>log files into a database for more sophisticated querying than current
>analysis programs (I'm thinking WebTrends, HitList, and Telemate). I
>know Raptor has a "flatten" utility, but am looking for battle stories
>about it or other tools that might be around.
>
>thanks,
>
>
>--
>-------------------------
>Don Turnbull
>donturn fis.utoronto.ca
>http://donturn.fis.utoronto.ca/
Logging to a file is much better (so faster) than logging to a database
(directly).
If you have a good analyzer program it doesn't matter how the data is stored,
but if you don't have unnecessary free disk space it's not a good idea to keep
logfiles in their original form.
If you have free capacity for that, I suggest making your own querying tool,
based on your own designed database where only the wanted data gets in.
Don't forget to store the data as briefly as you can.
(E.g. you can store the request type as "GET", "POST", "HEAD", but you
can store it as 0, 1, 2 too.)
I know only WebTrends from the above analyzers; it's really stupid and
very, very slow.
Bye
Csiri
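
An added example, not part of the original post: one way to build the compact query database the reply describes, with request types stored as integers and only selected fields kept. The log layout, table name, column names and the OTHER code are assumptions made for this sketch.

```python
import ipaddress
import sqlite3
from datetime import datetime, timezone

# Request types as small integers (0, 1, 2 as in the reply); OTHER is this example's addition.
METHOD_CODES = {"GET": 0, "POST": 1, "HEAD": 2}
OTHER = 9

# Constructed sample lines, hypothetical layout: ts client_ip method host path status bytes
SAMPLE_LOG = """\
1999-02-16T09:00:01 10.0.0.5 GET www.example.com /index.html 200 5120
1999-02-16T09:00:02 10.0.0.5 POST www.example.com /login 302 310
1999-02-16T09:00:07 10.0.0.9 HEAD ftp.example.org /pub/file.zip 200 0
1999-02-16T09:01:15 10.0.0.9 GET www.example.com /logo.gif 200 2048
this line is damaged and must be skipped
1999-02-16T09:02:40 10.0.0.5 TRACE www.example.com / 405 0
"""

def parse_line(line):
    """Return a compact row, or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, ip, method, host, _path, status, size = parts  # path is not wanted, so not stored
    try:
        epoch = int(datetime.fromisoformat(ts).replace(tzinfo=timezone.utc).timestamp())
        return (epoch, int(ipaddress.IPv4Address(ip)), METHOD_CODES.get(method, OTHER),
                host, int(status), int(size))
    except ValueError:  # bad timestamp, address or number
        return None

def load(conn, text):
    """Create the table, insert parsed rows, return (stored, skipped)."""
    conn.execute("CREATE TABLE req (ts INTEGER, src INTEGER, method INTEGER,"
                 " host TEXT, status INTEGER, bytes INTEGER)")
    parsed = [parse_line(l) for l in text.splitlines() if l.strip()]
    rows = [r for r in parsed if r is not None]
    conn.executemany("INSERT INTO req VALUES (?,?,?,?,?,?)", rows)
    return len(rows), len(parsed) - len(rows)

def bytes_per_client(conn, method):
    """Total bytes per source address for one request type, largest first."""
    cur = conn.execute("SELECT src, SUM(bytes) FROM req WHERE method = ?"
                       " GROUP BY src ORDER BY SUM(bytes) DESC, src", (METHOD_CODES[method],))
    return [(str(ipaddress.IPv4Address(src)), total) for src, total in cur]

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load(db, SAMPLE_LOG), bytes_per_client(db, "GET"))
```

Unrecognised request types are stored under a catch-all code rather than dropped, and the skipped-line count is returned so that parsing failures are visible instead of silently shrinking the data set.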
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:09 CDT