Re: [FW-1] Nokia and log manipulation
I have used Snort via Razorback. And it does not correlate the data that would be needed for attack patterns. Something that has a capability to recreate attack patterns to determine what was compromised.. Snort doesn't do this yet, unless I can configure it to do that for me. I checked out E-Security as well.. nope they don't have this full-feature either. I'll take a look at WebTrends...

Thanks for your hint...!!!

Mailing list for discussion of Firewall-1 <[email protected]> wrote:

> Nokia and log manipulation

Personally I would stick with Webtrends to analyse the firewall logs. If you are looking to detect attack sequences however, there is no easy way...you need an IDS....you can try a freeware like SNORT which has amazing capabilities.

-----Original Message-----
> From: Nick Ellenden [mailto:[email protected]]
> Sent: Wednesday, October 31, 2001 10:26 PM
> To: [email protected]
> Subject: Re: [FW-1] Nokia and log manipulation
>
> Hi,

I don't work for OpenService (which is OPSEC compliant), but to toot their horn a little, you can configure the filter rules in OpenService to parse the data as you wish; this could then be used to re-create such paths, although most reasonable attackers will spoof or otherwise obscure their own trail. You might also want to check out e-Security Inc products, they may have evolved a processing approach as well now.

Bestest,
nick

-----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Wesley Maness
> Sent: 01 November 2001 04:43
> To: [email protected]
> Subject: Re: [FW-1] Nokia and log manipulation
>
> To All:

Can anyone suggest a product (working in cahoots with FW-1 and others, either via OPSEC or other means) that can parse large amounts of logs (fw logs) and recreate attack sequences (their paths) etc ?

Thanks...

-----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Nick Ellenden
> Sent: Wednesday, October 31, 2001 3:34 AM
> To: [email protected]
> Subject: Re: [FW-1] Nokia and log manipulation
>
> Hi,

You might want to check out OpenService, they also make an agent server system which also works on Solaris and Windows for FW1, it can also parse and process the system logs as well.

Bestest,
nick

-----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Tim Holman
> Sent: 30 October 2001 22:05
> To: [email protected]
> Subject: Re: [FW-1] Nokia and log manipulation
>
> Webtrends ?

-----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Sam Denton
> Sent: 23 October 2001 10:21
> To: [email protected]
> Subject: [FW-1] Nokia and log manipulation
>
> Is there any way to manipulate log file data on the Nokia Platform (IP330 running FW-1 4.1 SP4)
>
> Thanks
>
> Sam