It's still especially good with iptables, as I posted yesterday, as opposed to ipchains. The iptable rules can pick up far more flags than ipchains sets, and can record more chains than just ipchains target of deny or reject. On the whole, I believe you should really run it in conjunction with snort and snort_stat.pl to put your snort results into html, then you can really see what's been trying to get in and out of your network through a browser. At least one of the Top Level Domains uses this technique.

All the best.

On Friday 06 December 2002 17:43, Ed Coates wrote:
Quoting Olafur Gardarsson <oli@itn.is>:
To those who have some experience in working with/analyzing Firewall logs. Are there any software packages out there you can recommend?
Regards,
Oli
fwlogwatch is an excellent tool for analyzing firewall logs from either ipchains or iptables. It will also spit out html format files to view on a web page.
Ed
--
Richard King
Technical Director
Generation Technology Ltd
www.generationtechnology.co.uk
+44(0)1702 433 975