I've been using fwAnalog on our router for the last couple of years, and
I've been fairly happy with it (although I only get a couple thousand
blocked packets a day). I made a couple of tweaks when I installed it--to
report destination port rather than source port, and to report for the
previous day rather than the previous 24 hours--but that's been about it.
You can configure it pretty extensively, although you do have to translate
between fwAnalog fields and Analog field names (since Analog is geared
toward analyzing web logs).
I would like to see a log analyzer that does more _analysis_--for example,
I'd like to see the number of port scans yesterday, as well as historical
trends and such. The log analyzers that I've seen have been more report
generators (like fwAnalog and Fireparse) than high-level analysis tools.
Every few months I decide that I'll go off and write something myself when I
have time, but that never seems to happen...
- Bradey
-----Original Message-----
From: Micha Silver [mailto:Micha@arava.co.il]
Sent: Thursday, June 12, 2003 7:47 AM
To: shorewall-users@lists.shorewall.net
Subject: [Shorewall-users] Log analyzers
I saw a recommendation on one of the SecurityFocus lists for a firewall log
analyzer called fwAnalog (a shell script based on analog). Has anyone had
any experience with this program? Good, bad or otherwise.
I installed it onto one FW machine running shorewall 1.4.2 and it gave
pretty nice results, with pie charts in html pages, etc, straight away.
After all the grief that Tom had with Fireparser a few months back, I
hesitate to throw YALA (Yet Another Log Analyzer) into the ring. But this
one seems easy to run, and gives well organized data for all DROPed packets.
Cheers,
Micha
____________________________________________________
Quiet people aren't the only ones who don't say much. - R. Baalke