2007-01-08
yogi_ccse
Firewall Log monitoring

Hi,

I have been monitoring FW logs for the last few weeks based on the following:
1. Packet drops: reason for their drop, rule (clean up, stealth rule or any other rule) & check with the concerned for their reason to reduce noise.
2. Port scanning attempts on FW
3. Address spoofing messages if any.
4. SmartDefense entries (though we have not configured it fully)
5. Firewall changes done in a month's time and whether they are compliant or not, i.e. whether a firewall change request was raised or not.
6. Admin/other user login success/failure

But how can we enhance FW log monitoring? We've configured fwlogsum.
But how to detect port scanning in logging (I've enabled it in SmartDefense), and other malicious traffic details, like viruses etc.?

Any suggestions are welcome.
thx
Yogi
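One way to approach the port-scan question above from the log side, as an added example that is not part of the original post and is not fwlogsum or SmartDefense code: count distinct destination ports (or hosts) per source among dropped packets in a sliding time window. The semicolon-separated record layout, the addresses, `detect_scans` and its thresholds are all assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical "time;action;src;dst;proto;dport"
# layout (an assumption, not the Check Point log export format). Sorted by time.
SAMPLE_LOG = """\
2007-01-08 10:00:01;drop;192.0.2.10;198.51.100.5;tcp;21
2007-01-08 10:00:02;drop;192.0.2.10;198.51.100.5;tcp;22
2007-01-08 10:00:02;accept;192.0.2.20;198.51.100.5;tcp;80
2007-01-08 10:00:03;drop;192.0.2.10;198.51.100.5;tcp;23
2007-01-08 10:00:04;drop;192.0.2.30;198.51.100.7;tcp;445
2007-01-08 10:00:05;drop;192.0.2.10;198.51.100.5;tcp;25
2007-01-08 10:00:06;drop;192.0.2.30;198.51.100.7;tcp;445
2007-01-08 10:00:07;drop;192.0.2.10;198.51.100.5;tcp;80
2007-01-08 10:00:08;drop;192.0.2.30;198.51.100.7;tcp;445
2007-01-08 10:05:00;drop;192.0.2.40;198.51.100.9;tcp;135
2007-01-08 10:10:00;drop;192.0.2.40;198.51.100.9;tcp;139
2007-01-08 10:15:00;drop;192.0.2.40;198.51.100.9;tcp;445
"""

def parse(line):
    ts, action, src, dst, _proto, dport = line.strip().split(";")
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), action, src, dst, int(dport)

def detect_scans(lines, window=timedelta(seconds=60), threshold=5):
    """Flag sources whose dropped packets reach >= threshold distinct ports on
    one host (vertical scan) or distinct hosts on one port (sweep) within window."""
    recent = defaultdict(deque)   # (kind, src, fixed field) -> deque of (time, value)
    alerts = defaultdict(set)
    for line in filter(str.strip, lines):
        ts, action, src, dst, dport = parse(line)
        if action != "drop":      # accepted traffic is out of scope for this check
            continue
        for key, value in ((("vertical", src, dst), dport), (("sweep", src, dport), dst)):
            q = recent[key]
            q.append((ts, value))
            while ts - q[0][0] > window:   # expire entries older than the window
                q.popleft()
            distinct = {v for _, v in q}
            if len(distinct) >= threshold:
                alerts[key] |= distinct
    return {key: sorted(vals) for key, vals in alerts.items()}

if __name__ == "__main__":
    for (kind, src, fixed), seen in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f"{kind} from {src} against {fixed}: {len(seen)} distinct targets {seen}")
```

With the default 60-second window, the repeated drops from 192.0.2.30 to a single port and the slow source 192.0.2.40 both stay below the threshold; a longer window with a lower threshold picks up the slow source at the cost of more noise.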