Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Why is log viewer so lame ?!

To: <[email protected]>, <[email protected]>
Subject: RE: [FW1] Why is log viewer so lame ?!
From: "Lars Troen" <[email protected]>
Date: Tue, 14 Aug 2001 16:42:08 +0200
Importance: Normal
In-reply-to: <3E3775F970FCDC72B1D8502187AA8@bktrdnt40>
Sender: [email protected]


If you see such entries dropped in your log, then you have a timed out
session. It's the reply packet that shows up in the log. If such a packet is
accepted, then your rule base should be cleaned up. (if you have a 'any'
service rule you might experience this)

Lars

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
[email protected]
Sent: Monday, August 13, 2001 13:46
To: [email protected]
Subject: RE: [FW1] Why is log viewer so lame ?!



I don't trust the filtering at all. Several times I have seen a line in the
log, something like:

service   Source   Dest    S_Port
ftp       hostA    HostB   23312

The I have tried to filter on service=ftp. I got the message "No records
found" even if I started from the top and I knew there was several lines
like the example above.

Filtering on Source and Destination seem to work OK.

---
Jørn Yngve Dahl-Stamnes
EDB Teamco, Trondheim
[email protected]

> -----Original Message-----
> From: Lisa Lorenzin [mailto:[email protected]]
> Sent: 10. august 2001 15:43
> To: [email protected]
> Subject: Re: [FW1] Why is log viewer so lame ?!
>
>
>
> One "feature" of the log viewer is that if your display is
> showing entries towards the end of the logfile when you apply
> your selection, it will only show you selected items from
> that point on.  Whenever I apply a selection, the very next
> thing I do is hit the "Return to top" button.  It's amazing
> what shows up when you do that. :)
>
> Lisa
>
> Standard disclaimer:  the content of this message represents
> my personal views, not those of my employer.
>
> Lisa Lorenzin
> Information Security Consultant
> [email protected]
>
> >>> <[email protected]> 08/08/2001 10:56:43 >>>
>
> 2. Selection doesn't work half the time - select items I KNOW
> are there
> but doesn't bring them up - have to search by other methods eventually
>
>
>
>
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] Why is log viewer so lame ?!
  - From: [email protected]

Prev by Date: [FW1] SP4/IPSO 3.4 problem
Next by Date: RE: [FW1] firewall log messages
Previous by thread: RE: [FW1] Why is log viewer so lame ?!
Next by thread: RE: [FW1] Why is log viewer so lame ?!
Index(es):
- Date
- Thread