Re: [FW1] MAD?
I don't think it's "just a log parser". From what I understand, it processes new log entries in realtime.
It requires the ELA proxy as a result, and I remember something about CADS...but I don't think it was
very useful in practice.

Another reason to keep the ELA proxy turned on (assuming you want MAD sending you pages etc)

----- Original Message -----
From: "Drew Simonis" <[email protected]>
To: "Carl E. Mankinen" <[email protected]>
Cc: <[email protected]>; <[email protected]>
Sent: Tuesday, October 31, 2000 3:38 PM
Subject: Re: [FW1] MAD?

>
> "Carl E. Mankinen" wrote:
> >
> > From what I was told, it builds table entries of its own for all the connections thru the firewall and
> > works somewhat independently of the inspect engine. It also hooks into the logging daemon
> > and detects log entries.
> >
>
> IIRC CPMAD is a simple log parser. It does no more than go through
> logged events and apply the criteria to them, looking for things
> that meet its settings. Nothing exciting to it. As far as its
> picky config file and the odd memory issues, I was told the same
> thing.
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================