
Re: [FW1] Best practices for LOG rotation and management



Greetings!

> > I've also found it to be a little cumbersome to sift
> > through a log and 'pick
> > out' only events captured from FW-acbxyf. So is it
> > better to have all
> > Firewalls log to the Management Console or log
> > independently, then perform
> > the logswitch / logexport / ftp to archive from each
> > Firewall?

I found it very convenient to have all logs (no matter whether FW, proxy, Webserver)
archived off in (gzipped) plain ASCII format after they became older than ~two
weeks - possibly to CD-Rs.  With this you can easily run statistics on them (most
tools can import ASCII data) or do a late-analysis on your local workstation.

So if you prefer doing analysis in CKP's LogViewer, you may want to opt for logging
on(to) the central Mgmt console - but if you prefer Unix text tools (mainly (f)grep
and cut, sometimes perl), I'd recommend the second suggestion. With the latter you
automatically have your files sorted by machine for archiving them off - which might
become a bit more difficult if you first collect them on a single Mgmt box.

Bye
    Volker

--

Volker Tanger  <[email protected]>
 Wrangelstr. 100, 10997 Berlin, Germany
    DiSCON GmbH - Internet Solutions
         http://www.discon.de/




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
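
The per-firewall archiving and text-tool analysis described in the message above, as an added example that is not part of the original post. It assumes exported ASCII logs sit in one directory per firewall with a `;`-separated header line; the directory layout, field names, firewall names and sample records are constructed for illustration and are not Check Point's export format.

```shell
#!/bin/sh
# Added example. Assumed layout: SRC/<firewall>/*.log, ASCII exports with a
# ';'-separated header line. Field names below are constructed, not Check Point's.

# archive_old_logs SRC DEST [DAYS]: gzip logs older than DAYS (default 14)
# into DEST/<firewall>/ and delete the original only after the copy verifies.
archive_old_logs() {
    src=$1; dest=$2; days=${3:-14}
    find "$src" -type f -name '*.log' -mtime +"$days" | while IFS= read -r f; do
        host=$(basename "$(dirname "$f")")
        out="$dest/$host/$(basename "$f").gz"
        mkdir -p "$dest/$host" || continue
        # Write to a temp name so an interrupted run never leaves a truncated archive.
        if gzip -c "$f" > "$out.tmp" && gzip -t < "$out.tmp"; then
            mv "$out.tmp" "$out" && rm -f "$f"
        else
            rm -f "$out.tmp"
        fi
    done
}

# count_matches ARCHIVE_DIR FIELD VALUE: print how many archived records have
# FIELD equal to VALUE. The column is looked up in each file's header line.
count_matches() {
    total=0
    for f in "$1"/*.log.gz; do
        [ -e "$f" ] || continue
        n=$(gzip -dc "$f" | awk -F';' -v field="$2" -v want="$3" '
            NR == 1 { for (i = 1; i <= NF; i++) if ($i == field) col = i; next }
            col && $col == want { n++ }
            END { print n + 0 }')
        total=$((total + n))
    done
    echo "$total"
}

# make_sample DIR: constructed sample data for two firewalls (hypothetical names).
make_sample() {
    mkdir -p "$1/fw-a" "$1/fw-b"
    printf '%s\n' 'num;date;orig;action;src;dst' \
        '1;1Jan2000;fw-a;drop;192.0.2.10;198.51.100.5' \
        '2;1Jan2000;fw-a;accept;192.0.2.11;198.51.100.5' \
        '3;1Jan2000;fw-a;drop;192.0.2.12;198.51.100.6' > "$1/fw-a/2000-01-01.log"
    printf '%s\n' 'num;date;orig;action;src;dst' \
        '1;1Jan2000;fw-b;drop;192.0.2.20;198.51.100.7' > "$1/fw-b/2000-01-01.log"
    touch -t 200001010000 "$1/fw-a/2000-01-01.log" "$1/fw-b/2000-01-01.log"
    # A current log that must stay in place because it is newer than the cutoff.
    printf '%s\n' 'num;date;orig;action;src;dst' > "$1/fw-a/current.log"
}
```

Because each firewall gets its own archive directory, a per-machine query is just a call to `count_matches` on that directory, with no filtering by origin needed.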



 
   All contents © 2004 Network Presence, LLC. All rights reserved.