From: "Sheets, Jason (OZ CEEDR)" <jason.sheets@hp.com>
To: freebsd-questions@freebsd.org
Date: Mon, 13 Sep 2004 10:26:31 -0600
Subject: RE: IPFILTER - Understanding log entries
Message-ID: <2D8BB15C7B5C214F81C32D3A83B3273601186362@idbexc01.americas.cpqcorp.net>

If your log is too large I'd carefully evaluate which rules are logging.
From the Google search "firewall log parsing" I received the following interesting results:

http://www.aetdata.com/tracer/firewalllogtutorial.html talks about parsing firewall logs
http://www.dixongroup.net/hatchet/ is a tool for parsing OpenBSD PF logs.

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Darryl Hoar
> Sent: Monday, September 13, 2004 8:13 AM
> To: freebsd-questions@freebsd.org
> Subject: IPFILTER - Understanding log entries
>
> Greetings,
> I have a machine installed with FreeBSD & IPFILTER.
> The machine is setup as a firewall.
>
> The log files generated are large. First, is there a
> tutorial or tool that will process the log file and show
> what the threat is? (if there is one).
>
> Also, how do others handle the volume of entries in
> the log file?
>
> thanks,
> Darryl
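One way to act on the advice above (evaluate which rules are logging), as an added example that is not from this thread, from Jason, or from the IPFilter project: a small Python script that tallies ipmon(8)-style log lines per rule, source and destination service, so the rules responsible for the volume stand out before their logging is reduced. The line layout it parses is assumed from ipmon's documented output format and the sample lines are constructed; check the regular expression against a few lines of a real log before trusting the counts.

```python
import re
from collections import Counter

# Constructed sample log in the shape of ipmon(8) output written to a file
# (layout assumed from ipmon's documented format, not taken from the thread):
#   DD/MM/YYYY HH:MM:SS.usec iface @group:rule action src[,port] -> dst[,port] PR proto ...
# Actions: b = blocked, p = passed. Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
13/09/2004 10:26:31.000001 fxp0 @0:5 b 192.0.2.10,4321 -> 198.51.100.5,80 PR tcp len 20 48 -S IN
13/09/2004 10:26:32.000002 fxp0 @0:5 b 192.0.2.10,4322 -> 198.51.100.5,80 PR tcp len 20 48 -S IN
13/09/2004 10:26:33.000003 fxp0 @0:5 b 192.0.2.11,4000 -> 198.51.100.5,135 PR tcp len 20 48 -S IN
13/09/2004 10:26:34.000004 fxp0 @0:12 p 198.51.100.5,55000 -> 203.0.113.7,53 PR udp len 20 60 IN
13/09/2004 10:26:35.000005 fxp0 @0:5 b 192.0.2.12,5555 -> 198.51.100.5,445 PR tcp len 20 48 -S IN
13/09/2004 10:26:36.000006 fxp0 @0:5 b 192.0.2.13 -> 198.51.100.5 PR icmp len 20 84 icmp 8/0 IN
this line is deliberately malformed and must be counted as unparsed
"""

# Ports are optional so that ICMP and other port-less protocols still parse.
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>[\d:.]+) (?P<iface>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>[bpnSL]) "
    r"(?P<src>[^\s,]+)(?:,(?P<sport>\d+))? -> (?P<dst>[^\s,]+)(?:,(?P<dport>\d+))? "
    r"PR (?P<proto>[a-z0-9]+)"
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def summarize(text):
    """Tally log lines by rule, by source address and by destination service.

    The per-rule tally answers "which rules are logging"; the other two show
    what is hitting those rules, so a noisy rule can be judged before its
    logging is turned down. Unparsable lines are counted, never silently dropped.
    """
    by_rule = Counter()
    by_src = Counter()
    by_service = Counter()
    unparsed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        by_rule[(rec["group"], rec["rule"], rec["action"])] += 1
        by_src[rec["src"]] += 1
        by_service[(rec["proto"], rec["dport"])] += 1
    return {"by_rule": by_rule, "by_src": by_src,
            "by_service": by_service, "unparsed": unparsed}


def noisiest_rules(summary, n=3):
    """Rules ordered by the number of lines they produced, busiest first."""
    return summary["by_rule"].most_common(n)


def report(text):
    """Human-readable summary of a log, the kind of thing a day's file is piped through."""
    s = summarize(text)
    total = sum(s["by_rule"].values())
    out = [f"{total} parsed entries, {s['unparsed']} unparsed",
           "noisiest rules (group:rule action count):"]
    for (group, rule, action), count in noisiest_rules(s):
        out.append(f"  @{group}:{rule} {action} {count}")
    out.append("top sources:")
    for src, count in s["by_src"].most_common(3):
        out.append(f"  {src} {count}")
    out.append("top destination services (proto/port):")
    for (proto, dport), count in s["by_service"].most_common(3):
        out.append(f"  {proto}/{dport or '-'} {count}")
    return "\n".join(out)


if __name__ == "__main__":
    # Usage with a real file: python3 ipfsummary.py < /var/log/ipf.log
    # With no input on stdin the constructed sample is summarized instead.
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    print(report(data))
```

On the sample, rule @0:5 (block) accounts for five of the six parsed lines, which is exactly the kind of rule whose `log` keyword deserves a second look, or whose traffic should be tallied by source and port rather than written line by line.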