[unisog] sample NAT logs and analysis tools (OBSD- fp)
r.fulton at auckland.ac.nz
Thu Apr 28 20:05:31 GMT 2005
Thanks to all who responded. I had already figured out that the pf nat
logs were included in the general pflogs -- I should have made that
clear but thanks to those who pointed it out anyway!
On Thu, 2005-04-28 at 09:10 -0500, Chris Green wrote:
> > One of the things that I am considering is to not bother with the NAT
> > logs at all but instead run Argus <www.qosient.com> on the inside
> > interface of the firewall.
> That would be good enough for most cases. You might also have luck with
> pfflowd logging to a netflow collector.
> Please post what your eventual solution will be :)
I'll almost certainly go with Argus -- the alternatives are just too
complicated, with the exception of pfflowd, which is an acceptable alternative.
I have just ordered a new box with a big disk to handle the logs. I am
also considering writing a cgi script that will provide a simple query
interface (for those who live in fear of command lines :) to access the