syslog realtime analyzer

Guest
Archived from groups: comp.security.firewalls

Hi to all,
I'm looking for an I.D.S. or a configurable log analyzer that can acquire
syslog from a firewall (actually I'm using a Netgear FR114P).
I've tried Kiwi syslog analyzer, but my goal is not only to collect
logs, but possibly to signal when strange activity is reported (a ping, a
simple, isolated portscan or an attempt to establish a connection can be
considered "normal" noise on the internet; 10 portscans or something else
repetitive can be considered a "real" attack).

Now with Kiwi syslog a complete portscan produces 65000 logs... really not
friendly. The optimum would be a pop-up that tells me there is an attack from
an IP, or something similar.

Can you help me?
Thank you very much
Michele
 
Guest

I haven't ever used it myself, but a quick Google search on the keywords
firewall, log, analyzer, netgear, and fr114p turned up this:

http://www.linklogger.com/

It's $49.95 for your device, but you can try it free first to see if you
like it.

Maybe someone else familiar with that device can also reference
something free.

Or if you have the time, just Google on something less restrictive (like
leave out "fr114p" and "netgear" from the search). There are tons of
firewall log analyzer programs out there - Link Logger was just the one
that explicitly referenced your device model number.

Hope this helps. Good luck.

- DPR


> Hi to all,
> I'm looking for an I.D.S. or a configurable log analyzer that can acquire
> syslog from a firewall (actually I'm using a Netgear FR114P).
> I've tried Kiwi syslog analyzer, but my goal is not only to collect
> logs, but possibly to signal when strange activity is reported (a ping, a
> simple, isolated portscan or an attempt to establish a connection can be
> considered "normal" noise on the internet; 10 portscans or something else
> repetitive can be considered a "real" attack).
>
> Now with Kiwi syslog a complete portscan produces 65000 logs... really not
> friendly. The optimum would be a pop-up that tells me there is an attack from
> an IP, or something similar.
>
> Can you help me?
> Thank you very much
> Michele
>
 
Guest

On Fri, 14 May 2004 15:20:08 -0600, DP Roberts wrote:

> I haven't ever used it myself, but a quick Google search on the keywords
> firewall, log, analyzer, netgear, and fr114p turned up this:
>
> http://www.linklogger.com/
>
> It's $49.95 for your device, but you can try it free first to see if you
> like it.
>
> Maybe someone else familiar with that device can also reference
> something free.
>
> Or if you have the time, just Google on something less restrictive (like
> leave out "fr114p" and "netgear" from the search). There are tons of
> firewall log analyzer programs out there - Link Logger was just the one
> that explicitly referenced your device model number.
>
> Hope this helps. Good luck.
>
> - DPR
>
>
Thank you, but I'm already using Link Logger. It's a good program but it has
some limitations: first, I can't create a remote control of the log (I can only
send e-mail notifications).
I'm looking for a configurable program which can receive syslog strings and
analyze them from a remote site, so Link Logger isn't the right solution.
Thank you
Michele
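
Added example, not part of any post in this thread and not code from any product named in it: a minimal sketch of the thresholding the original question asks for, where isolated probes are ignored and a sweep that would otherwise fill the log becomes a single alert per source IP. The log line format, the `ScanAggregator` and `run` names, the thresholds and the sample addresses are all assumptions made for illustration; a real deployment would need a parser for the firewall's actual syslog layout.

```python
import re
from collections import Counter, defaultdict, deque

# Constructed line format (an assumption, not the FR114P's real syslog layout):
#   "<epoch-seconds> DROP SRC=<ipv4> DPT=<port>"
LINE_RE = re.compile(r"^(\d+) DROP SRC=(\d{1,3}(?:\.\d{1,3}){3}) DPT=(\d+)$")

class ScanAggregator:
    """Turn per-packet firewall log lines into at most one alert per noisy source."""
    def __init__(self, window=60, port_threshold=100, quiet=600):
        self.window = window                  # seconds of history kept per source
        self.port_threshold = port_threshold  # distinct ports in window that count as a scan
        self.quiet = quiet                    # seconds to suppress repeat alerts per source
        self.events = defaultdict(deque)      # ip -> (timestamp, port) in arrival order
        self.ports = defaultdict(Counter)     # ip -> hits per port inside the window
        self.last_alert = {}                  # ip -> timestamp of the last alert raised

    def feed(self, line):
        # Consume one log line; return an alert string or None.
        m = LINE_RE.match(line.strip())
        if not m:
            return None                       # unrelated or malformed line
        ts, ip, port = int(m[1]), m[2], int(m[3])
        q, counts = self.events[ip], self.ports[ip]
        q.append((ts, port))
        counts[port] += 1
        while q[0][0] < ts - self.window:     # expire events older than the window
            _, old = q.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        if len(counts) < self.port_threshold:
            return None                       # isolated probes stay background noise
        if ts - self.last_alert.get(ip, ts - self.quiet) < self.quiet:
            return None                       # already alerted on this source recently
        self.last_alert[ip] = ts
        return f"ALERT {ip}: {len(counts)} distinct ports probed within {self.window}s"

def run(lines, **settings):
    agg = ScanAggregator(**settings)          # fresh state for each batch of lines
    return [alert for alert in map(agg.feed, lines) if alert]

# Constructed sample: one stray probe, then a 200-port sweep from a second host.
SAMPLE = ["1084569600 DROP SRC=192.0.2.10 DPT=22"] + [
    f"{1084569601 + i // 50} DROP SRC=198.51.100.7 DPT={1000 + i}" for i in range(200)]

if __name__ == "__main__":
    for alert in run(SAMPLE):
        print(alert)
```

State for sources that go silent is never evicted here, so a long-running collector would also need to drop idle entries periodically.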