[FW1] Best practices for LOG rotation and management
Greetings!

Some thoughts about LOG rotation and management.

We have an Enterprise Management Console running on a WIN2K Server platform. It currently manages five Firewalls; number six is on order. These Firewalls are all NOKIA platforms (a mix of 440s and 330s) that are both on premise and remote. All gear is FW-1 4.1 SP2, IPSO 3.2.1-fcs1 on all NOKIA boxes.

Now here's where I'm looking for input. Managing five Firewalls leads to LARGE log files. If I logswitch daily, would it be better to archive the *.*LOG and *.*LOGPTR files for 'research' purposes or logexport them to a comma delimited file and do 'research' through a spreadsheet or database utility?

I've also found it to be a little cumbersome to sift through a log and 'pick out' only events captured from FW-acbxyf. So is it better to have all Firewalls log to the Management Console or log independently, then perform the logswitch / logexport / ftp to archive from each Firewall?

I'd love to hear your thoughts and 'landmines' that you've encountered with the LOGs.

Thanks for any input.

JEH