[unisog] sample NAT logs and analysis tools (OBSD- fp)

Russell Fulton r.fulton at auckland.ac.nz
Thu Apr 28 20:05:31 GMT 2005


Thanks to all who responded.  I had already figured out that the pf nat
logs were included in the general pflogs -- I should have made that
clear but thanks to those who pointed it out anyway!

On Thu, 2005-04-28 at 09:10 -0500, Chris Green wrote:

> > One of the things that I am considering is to not bother with the NAT
> > logs at all but instead run Argus <www.qosient.com> on the inside
> > interface of the firewall.
> 
> That would be good enough for most cases.  You might also have luck with
> pfflowd logging to a netflow collector.
> 
> Please post what your eventual solution will be :)

I'll almost certainly go with Argus -- the alternatives are just too
complicated, with the exception of pfflowd, which is an acceptable alternative.
I have just ordered a new box with a big disk to handle the logs.  I am
also considering writing a cgi script that will provide a simple query
interface (for those who live in fear of command lines :) to access the
argus logs.

Cheers, Russell.