Subject: Re: [fw-wiz] Reading firewall logs
From: Talisker (Taliskertechnologist.com)
Date: Mon May 01 2000 - 08:53:22 CDT


Alex

I've been looking at CMDS from ods.com (now intrusion.com). My first
impressions are good; I know it accepts logs from Cisco routers and FW-1 as
well as NT and Solaris. I haven't tried it on the former yet. Might I
suggest you download an eval and give it a whirl. If you do, let me know
your feelings on the product. I have a bit more info on my website at
www.internations.net/uk/talisker; look for Host based IDS, it's in there,
though please bear in mind that the info is from the vendor, from before I
started looking at it.

The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.

----- Original Message -----
From: Alex Lim <mwlalexmagix.com.sg>
To: fwz <firewall-wizardsnfr.net>
Sent: Wednesday, April 26, 2000 4:21 AM
Subject: [fw-wiz] Reading firewall logs

> Hi,
>
> I am hoping to hear some enlightening comments on reading firewall logs.
> I am curious if people are actually doing it or if there is some kind of
> tool that we can buy off the shelf. I don't think it's productive or
> efficient to ask an employee to spend a few hours reading the logs just
> to look out for anomalies.
>
> Anyone care to comment? BTW, I am referring to the Checkpoint FW-1 logs.
>
> TIA
> Alex Lim
>
>