Re: [FW1] Best practices for LOG rotation and management
Greetings!

> > I've also found it to be a little cumbersome to sift through a log
> > and 'pick out' only events captured from FW-acbxyf. So is it better
> > to have all Firewalls log to the Management Console or log
> > independently, then perform the logswitch / logexport / ftp to
> > archive from each Firewall?

I found it very convenient to have all logs (no matter whether FW, proxy, Webserver) archived off in (gzipped) plain ASCII format after they became older than ~two weeks - possibly to CD-Rs. With this you can easily run statistics on them (most tools can import ASCII data) or do a late-analysis on your local workstation.

So if you prefer doing analysis in CKP's LogViewer, you may want to opt for logging on(to) the central Mgmt console - but if you prefer Unix text tools (mainly (f)grep and cut, sometimes perl), I'd recommend the second suggestion. With the latter you automatically have your files sorted by machine for archiving them off - which might become a bit more difficult if you first collect them on a single Mgmt box.

Bye

Volker

--
Volker Tanger <[email protected]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
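The per-machine archiving and text-tool filtering recommended in the reply above, as an added example that is not part of the original post. It assumes one spool directory per logging host, a ';'-separated ASCII export whose header row names an "orig" column, and a 14-day cutoff for "~two weeks"; the function names, host names and sample rows are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed layout: one
# directory per logging host, $SPOOL/<host>/<date>.log, each file a
# ';'-separated ASCII export whose header row names an "orig" column.

# archive_old_logs SPOOL ARCHIVE [DAYS]: gzip logs older than DAYS
# (default 14) into ARCHIVE/<host>/, test the copy, then delete the source.
archive_old_logs() {
    spool=$1 archive=$2 days=${3:-14}
    find "$spool" -type f -name '*.log' -mtime +"$days" |
    while IFS= read -r f; do
        host=$(basename "$(dirname "$f")")
        out="$archive/$host/$(basename "$f").gz"
        [ -e "$out" ] && continue            # never overwrite an archive
        mkdir -p "$archive/$host" || continue
        if gzip -c "$f" > "$out.tmp" && gzip -t "$out.tmp"; then
            mv "$out.tmp" "$out" && rm -f "$f"
        else
            rm -f "$out.tmp"                 # keep the source on failure
        fi
    done
}

# events_from ORIGIN FILE...: print the header once, then only the rows
# logged by ORIGIN. Reads plain and gzipped files alike.
events_from() {
    origin=$1; shift
    for f in "$@"; do
        case $f in *.gz) gzip -dc "$f" ;; *) cat "$f" ;; esac
    done | awk -F';' -v want="$origin" '
        !col { for (i = 1; i <= NF; i++) if ($i == "orig") col = i
               if (!col) exit 2              # no "orig" column: refuse to guess
               print; next }
        $col == want'
}

# make_sample SPOOL: constructed sample data (hosts, addresses and rows
# are invented); the fw-a file is back-dated so it counts as old.
make_sample() {
    mkdir -p "$1/fw-a" "$1/fw-b"
    printf '%s\n' 'num;date;time;orig;action;src;dst' \
        '1;1Jan2000;10:00:00;fw-a;accept;10.0.0.5;192.0.2.10' \
        '2;1Jan2000;10:00:02;fw-a;drop;10.0.0.9;192.0.2.11' > "$1/fw-a/2000-01-01.log"
    printf '%s\n' 'num;date;time;orig;action;src;dst' \
        '1;today;09:00:00;fw-b;accept;10.0.1.5;192.0.2.10' > "$1/fw-b/current.log"
    touch -t 200001010000 "$1/fw-a/2000-01-01.log"
}
```

The source file is removed only after `gzip -t` has verified the compressed copy, so an interrupted run or a full archive disk leaves the original log in place.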