Asking about Firewall Log
Results 1 to 5 of 5

Thread: Asking about Firewall Log

  1. #1
    Junior Member
    Join Date
    May 2005
    Posts
    3

    Question Asking about Firewall Log

    Hi guys, i'm newbie here...

    i have problem about firewall report. what was the firewall generate for the report?in hour, days, month?
    is there port, ip source? is there warning? can we know the user who pass our firewall from the firewall report?

    sorry for this silly question, cause i dont understand, and i need all info about firewall report.
    and sorry for my bad english....

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    It would be really, really, really helpfull if we knew what firewall and what OS you are running.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    I am assuming that this is a general question. Specific answers will depend on what you are running and how you have set it up.

    You would expect to see:

    Date & time
    Protocol
    Ports
    Type (firewall/program)
    Source & destination IP
    Direction
    Number of attempts
    Program (if applicable)
    Action taken (blocked/allowed)
    Severity (perhaps)

    is there warning? can we know the user who pass our firewall from the firewall report?
    Depends how you set it up, yes you should get a warning, at least in the log. If you have set up the firewall to allow certain activities, or that is the default setting, then you probably won't see anything in the log.

    That is not a hard and fast rule but is quite common to keep the size of the logs down. Also you might have separate activity monitoring and IDS?

    If someone gets through your firewall, the chances are that it won't be in the log, because the firewall has failed. Activity monitoring and IDS may pick them up though.

    Sorry for the rather general reply. If you need more you will have to answer SirDice's questions.

    Also, are we talking about hardware or software firewalls. I have answered in terms of a software one.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Junior Member
    Join Date
    May 2005
    Posts
    3
    Originally posted here by SirDice
    It would be really, really, really helpfull if we knew what firewall and what OS you are running.
    SirDice,actually i asking in general firewall (all firewall).For my college task about firewall report.I have 4 different firewall in my task, Checkpoint Firewall-1 with Nokia IP440, Microsoft IIS, Norton Firewall, and Linux Firewall.And i'm confuse, because i neither use those firewall.

    I hope you can understand the words.Thanks In Advance

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Ehhmm. Microsoft IIS is not a firewall but a webserver. I think you mean ISA.
    Reading the documentation of those firewalls will tell you what they're logging and what's possible with them. They all have their own way of doing things.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •