-
May 9th, 2005, 06:37 AM
#1
Junior Member
Asking about Firewall Log
Hi guys, i'm newbie here...
i have problem about firewall report. what was the firewall generate for the report?in hour, days, month?
is there port, ip source? is there warning? can we know the user who pass our firewall from the firewall report?
sorry for this silly question, cause i dont understand, and i need all info about firewall report.
and sorry for my bad english....
-
May 9th, 2005, 09:15 AM
#2
It would be really, really, really helpfull if we knew what firewall and what OS you are running.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 9th, 2005, 10:24 AM
#3
I am assuming that this is a general question. Specific answers will depend on what you are running and how you have set it up.
You would expect to see:
Date & time
Protocol
Ports
Type (firewall/program)
Source & destination IP
Direction
Number of attempts
Program (if applicable)
Action taken (blocked/allowed)
Severity (perhaps)
is there warning? can we know the user who pass our firewall from the firewall report?
Depends how you set it up, yes you should get a warning, at least in the log. If you have set up the firewall to allow certain activities, or that is the default setting, then you probably won't see anything in the log.
That is not a hard and fast rule but is quite common to keep the size of the logs down. Also you might have separate activity monitoring and IDS?
If someone gets through your firewall, the chances are that it won't be in the log, because the firewall has failed. Activity monitoring and IDS may pick them up though.
Sorry for the rather general reply. If you need more you will have to answer SirDice's questions.
Also, are we talking about hardware or software firewalls. I have answered in terms of a software one.
-
May 10th, 2005, 05:43 AM
#4
Junior Member
Originally posted here by SirDice
It would be really, really, really helpfull if we knew what firewall and what OS you are running.
SirDice,actually i asking in general firewall (all firewall).For my college task about firewall report.I have 4 different firewall in my task, Checkpoint Firewall-1 with Nokia IP440, Microsoft IIS, Norton Firewall, and Linux Firewall.And i'm confuse, because i neither use those firewall.
I hope you can understand the words.Thanks In Advance
-
May 10th, 2005, 10:03 AM
#5
Ehhmm. Microsoft IIS is not a firewall but a webserver. I think you mean ISA.
Reading the documentation of those firewalls will tell you what they're logging and what's possible with them. They all have their own way of doing things.
Oliver's Law:
Experience is something you don't get until just after you need it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|