Re: (PM) Firewall IRX log analysis tools?

Thomas C Kinnen (tom@lcp.livingston.com)
Thu, 2 Jul 1998 10:50:27 -0700

>and local network connections. I've set up the filters to trigger log
>messages on some denial events to a separate syslog host.
>I am looking for some tools to assist me in analyzing this log file, to
>detect possible security problems I should be aware of (such as someone
>attempting to hit one of my hosts 800 times one night). Are there any
>tools out there to assist me???

You can set up your pm to log the packets to one of the local facilities and
in your syslogd setup put those to a different file for packet log only. You
can then use grep on that file for keywords.

Radius ABM has the best syslog server I've seen and lets you query out just
about anything in the syslog.

----
Thomas C Kinnen - <tom@lcp.livingston.com>
[Test Engineer - Radius ABM] - LUCENT Technologies RABU
<URL:http://www.livingston.com/> * <URL:http://www.lucent.com/dns/>
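
The grep approach from the reply above, extended to count repeated denials per source and destination, as an added example that is not part of the original message. The facility (local5), the file path, the keyword "deny", the log line layout and the function names are all assumptions; the sample lines are constructed.

```shell
#!/bin/sh
# Assumed syslog.conf line on the log host, sending one local facility
# to its own packet-log file (facility and path are assumptions):
#   local5.*    /var/log/pm-packets.log

# write_sample FILE
# Writes constructed log lines: 800 denials from one source, one stray
# denial from another, and one permitted packet.
write_sample() {
    awk 'BEGIN {
        for (i = 0; i < 800; i++)
            print "Jul  2 02:11:09 pm1 filter: deny tcp 203.0.113.7:1042 -> 192.0.2.10:23"
        print "Jul  2 09:30:00 pm1 filter: deny udp 198.51.100.4:53 -> 192.0.2.11:53"
        print "Jul  2 09:31:00 pm1 filter: permit tcp 198.51.100.4:1025 -> 192.0.2.10:80"
    }' > "$1"
}

# count_denials FILE KEYWORD THRESHOLD
# Prints "COUNT SRC DST" for each source/destination pair whose matching
# lines reach THRESHOLD, busiest first.
count_denials() {
    grep -i -- "$2" "$1" | awk -v min="$3" '
    {
        # Take the first two IPv4 addresses on the line: source, then destination.
        line = $0; n = 0
        while (n < 2 && match(line, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip[++n] = substr(line, RSTART, RLENGTH)
            line = substr(line, RSTART + RLENGTH)
        }
        if (n == 2) hits[ip[1] " " ip[2]]++
    }
    END {
        for (pair in hits)
            if (hits[pair] >= min) print hits[pair], pair
    }' | sort -rn
}

# Demo on the constructed sample: report pairs with 100 or more denials.
sample=$(mktemp)
write_sample "$sample"
count_denials "$sample" deny 100
rm -f "$sample"
```

Because the function only looks for a keyword and the first two dotted-quad addresses on each line, it needs adjusting if the real log lines put the destination before the source.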
