On Friday, October 11, 1996 9:15 AM, Ikoedem Moses [SMTP:moses@mail.state.mo.us] wrote:
>Does anybody have any comments about IBM SNG with regard to logging?
I can't give you any unbiased opinions about SNG's logging, but I can give
you some facts. At the packet filtering level, SNG has the ability to log
all permits and denies in the filter rules database. It logs
source/destination address and port, type of IP traffic (tcp, tcp/ack, udp,
icmp, ospf -- and has the option of listing the numeric equivalent for
newer or future protocols) as well as the type and code for protocols like
icmp. It also filters and logs fragmented packets, as well as which adapter
is receiving the packet and in which direction the packet is travelling
(whether it is inbound on that adapter, or outbound), and it logs whether
the packet is being routed between interfaces or is local to the machine
(destination is the firewall).
With the SOCKS technology, SNG can log permits and denies based on the SOCKS
rule database, including things like source/destination address, ports
as well as user authentication via identd (not so useful these days but
it's there).
SNG uses the syslogd subsystem which can be configured to log to an
external machine/device. It keeps track of user authentication failures, as
well as all proxy user logins, su's to root, etc. The mail subsystem can
also be configured to log to syslogd and will keep track of all
incoming/outgoing mail. There is also an archiving utility which configures
a cron job to be run every night to backup and archive logs according to
your specifications (daily, weekly, etc).
Hope this helps and if you have any other questions, feel free to mail me.
--
Gene Lee
genel@inforamp.net
genelee@vnet.ibm.com
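As an added illustration, not part of Gene's message and not code from IBM or the SNG product: once filter permits/denies carrying the fields described above (source/destination address and port, protocol or numeric protocol number, ICMP type/code, fragment flag, receiving adapter, direction, routed-vs-local) are forwarded over syslog to a central host, a few lines of Python can turn them into the checks an operator actually wants. The key=value line layout and the sample log lines below are constructed for the example and are not SNG's real log format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample records in a hypothetical key=value layout. This is NOT
# SNG's real syslog format; it only carries the fields the post says SNG logs.
SAMPLE_LOG = """\
Oct 11 09:15:01 fw filter: permit proto=tcp src=10.1.1.20:1025 dst=203.0.113.5:25 adapter=tr0 dir=outbound route=routed frag=no
Oct 11 09:15:02 fw filter: deny proto=tcp src=192.0.2.10:4321 dst=203.0.113.5:23 adapter=en0 dir=inbound route=local frag=no
Oct 11 09:15:02 fw filter: deny proto=tcp src=192.0.2.10:4322 dst=203.0.113.5:21 adapter=en0 dir=inbound route=local frag=no
Oct 11 09:15:03 fw filter: deny proto=tcp src=192.0.2.10:4323 dst=203.0.113.5:111 adapter=en0 dir=inbound route=local frag=no
Oct 11 09:15:04 fw filter: deny proto=icmp src=192.0.2.77 dst=203.0.113.5 type=8 code=0 adapter=en0 dir=inbound route=local frag=no
Oct 11 09:15:05 fw filter: deny proto=udp src=198.51.100.9:53 dst=10.1.1.20:53 adapter=en0 dir=inbound route=routed frag=yes
Oct 11 09:15:06 fw filter: permit proto=tcp src=192.0.2.10:4324 dst=203.0.113.5:80 adapter=en0 dir=inbound route=local frag=no
Oct 11 09:15:07 fw filter: deny proto=89 src=192.0.2.33 dst=203.0.113.5 adapter=en0 dir=inbound route=local frag=no
"""

# syslog-style prefix, then the permit/deny verdict, then free key=value fields
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) filter: "
    r"(?P<action>permit|deny) (?P<fields>.*)$"
)


def _split_endpoint(value):
    """'addr:port' for tcp/udp; bare 'addr' for icmp and numeric protocols."""
    addr, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return addr, int(port)
    return value, None


def parse_record(line):
    """Parse one filter record into a dict, or return None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    rec = {
        "ts": m["ts"],
        "host": m["host"],
        "action": m["action"],
        "proto": fields["proto"],          # name, or protocol number for newer protocols
        "adapter": fields.get("adapter"),  # which interface received the packet
        "dir": fields.get("dir"),          # inbound/outbound on that adapter
        "route": fields.get("route"),      # routed through, or local to the firewall
        "frag": fields.get("frag") == "yes",
    }
    rec["src"], rec["sport"] = _split_endpoint(fields["src"])
    rec["dst"], rec["dport"] = _split_endpoint(fields["dst"])
    rec["icmp_type"] = int(fields["type"]) if "type" in fields else None
    rec["icmp_code"] = int(fields["code"]) if "code" in fields else None
    return rec


def parse_log(text):
    return [r for r in (parse_record(l) for l in text.splitlines()) if r is not None]


def port_scan_sources(records, min_ports=3):
    """Sources whose denied inbound TCP/UDP packets hit >= min_ports distinct ports."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "deny" and r["dir"] == "inbound" and r["dport"] is not None:
            ports[r["src"]].add(r["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def denied_to_firewall(records):
    """Denied inbound packets aimed at the firewall itself (route=local), per protocol."""
    return Counter(
        r["proto"] for r in records
        if r["action"] == "deny" and r["dir"] == "inbound" and r["route"] == "local"
    )


def fragmented(records):
    """Records the filter flagged as fragments (worth a second look on inbound)."""
    return [r for r in records if r["frag"]]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("possible port sweeps:", port_scan_sources(recs))
    print("denies aimed at the firewall itself:", dict(denied_to_firewall(recs)))
    print("fragments:", [(r["src"], r["dst"], r["proto"]) for r in fragmented(recs)])
```

The three checks map directly onto the fields Gene lists: the direction and routed/local flags separate traffic passing through the box from traffic addressed to it, the numeric protocol value keeps records for protocols the filter has no name for (the `proto=89` line) from being dropped, and the fragment flag surfaces packets a rule set may handle differently from whole datagrams.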