• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 423
  • Last Modified:

How to read a firewall log

Can you provide an example on how to read a firewall log.
0
mutec1
Asked:
mutec1
  • 2
  • 2
  • 2
2 Solutions
 
Alan Huseyin KayahanCommented:
             Hi mutec1
                  It depends on which firewall you have hardware or software?
               *Here is for windows firewall
http://technet2.microsoft.com/WindowsServer/en/library/00fb7df9-e11b-498a-a979-e2b37a6e2ff31033.mspx?mfr=true
              *For PIX firewall, enable logging by logging enable and use a syslog server and point that syslog server with following command
               logging host inside ipaddress    (or dmz)
         
0
 
mutec1Author Commented:
Its a pix firewall and I'd like to understand some the terms to see if the firewall is secure or not.  What has been permitted to pass or what is being denied.  If you have an example it would be great.
0
 
Alan Huseyin KayahanCommented:
               
                *If you use PDM or ASDM interface for PIX, then you may see logs in PDM/ASDM window, when you enable logging as i mentioned above.
                *Here is a detailed article for PIX logging http://www.ciscopress.com/articles/article.asp?p=424447&seqNum=2&rl=1
                *Below is a connection attempt log from one side to other denied by ACL.
%PIX-3-710003 {TCP | UDP} access denied by ACL from source_address/source_port to interface_name: dest_address/service
               *Here are more log messages http://safari.peachpit.com/1587051583/app02lev1sec3

Regards
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
mutec1Author Commented:
I'm going to be looking at a configuration file, as the user will not let me have a copy of the firewall rules. I want to make sure I can understand what I am seeing.  Would you be able to post a pix configuration file and go over some basics.

Thanks
0
 
rsivanandanCommented:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

The link above will show you various configuration samples, now what kind of environment is that you're looking at is something that I would not know.

Cheers,
Rajesh
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now