How to read a firewall log

Can you provide an example on how to read a firewall log.
mutec1Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan Huseyin KayahanCommented:
             Hi mutec1
                  It depends on which firewall you have hardware or software?
               *Here is for windows firewall
http://technet2.microsoft.com/WindowsServer/en/library/00fb7df9-e11b-498a-a979-e2b37a6e2ff31033.mspx?mfr=true
              *For PIX firewall, enable logging by logging enable and use a syslog server and point that syslog server with following command
               logging host inside ipaddress    (or dmz)
         
0
mutec1Author Commented:
Its a pix firewall and I'd like to understand some the terms to see if the firewall is secure or not.  What has been permitted to pass or what is being denied.  If you have an example it would be great.
0
Alan Huseyin KayahanCommented:
               
                *If you use PDM or ASDM interface for PIX, then you may see logs in PDM/ASDM window, when you enable logging as i mentioned above.
                *Here is a detailed article for PIX logging http://www.ciscopress.com/articles/article.asp?p=424447&seqNum=2&rl=1
                *Below is a connection attempt log from one side to other denied by ACL.
%PIX-3-710003 {TCP | UDP} access denied by ACL from source_address/source_port to interface_name: dest_address/service
               *Here are more log messages http://safari.peachpit.com/1587051583/app02lev1sec3

Regards
0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

mutec1Author Commented:
I'm going to be looking at a configuration file, as the user will not let me have a copy of the firewall rules. I want to make sure I can understand what I am seeing.  Would you be able to post a pix configuration file and go over some basics.

Thanks
0
rsivanandanCommented:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

The link above will show you various configuration samples, now what kind of environment is that you're looking at is something that I would not know.

Cheers,
Rajesh
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.