From: KK CHN
Date: Sun, 11 Jul 2021 17:43:28 +0530
Subject: Analyzing Log files of very large size
To: freebsd-questions

List,

I have a requirement to analyze large log files from a SonicWall firewall, around 50 GB, for a suspected attack. What tools and solutions need to be deployed for handling files this large? Please enlighten me with your expertise and reference materials, if any.

All are TCP/IP communications, DNS UDP transports...

Regards,
Kris