From: Balázs Bárány (balazs~AT~tud.at)
Date: Thu Sep 11 2003 - 23:34:03 CEST
> I was wondering which logformat I could use, if any would be
Probably none of the existing ones. There are apparently thousands of possibilities a firewall can log its data, so if your system is not explicitly supported, then it is most likely unsupported.
Also, your firewall seems to resolve remote addresses. Fwanalog requires IP addresses. Also, name resolution during logging is a bad idea; an attacker can send you a large number of short packets with spoofed random sender addresses; your firewall will then DOS itself with the name resolution attempts.
-- _________________________________________________________________________ Balázs Bárány balazs~AT~tud.at http://tud.at ICQ 10747763 A good engineer will make considerable effort to avoid additional effort.
This archive was generated by hypermail 2.1.5 : Fri Sep 12 2003 - 01:02:03 CEST