Logging outgoing/incomming address'

Hi all,
How or what program can I use to log all outgoing and incomming
address' simular to the one that was on Atguard firewall. The
firewall no longer logs using XP.

Thanks for any suggestions,
George

george

george wrote:

> Hi all,
> How or what program can I use to log all outgoing and incomming
> address' simular to the one that was on Atguard firewall. The
> firewall no longer logs using XP.
>
> Thanks for any suggestions,
> George


I am not sure if linux/BSDs are your thing but they can do it with a simple
"log" command. If you use syslog you can also archive the data. And if you
are really fancy, you can import the data in MySQL...and if you are...well,
i guess that is enough for today.

Michael

Michael J. Pelletier

Thanks Michael

I found a program called Quick System
toos. It is a port monitor. While it doesn't make a log, it does
show connections in real time. It gives me a chance to make
corrections in the hosts file.

George
On Mon, 28 Feb 2005 21:33:53 -0800, "Michael J. Pelletier"
<> wrote:

>george wrote:
>
>> Hi all,
>> How or what program can I use to log all outgoing and incomming
>> address' simular to the one that was on Atguard firewall. The
>> firewall no longer logs using XP.
>>
>> Thanks for any suggestions,
>> George
>
>
>I am not sure if linux/BSDs are your thing but they can do it with a simple
>"log" command. If you use syslog you can also archive the data. And if you
>are really fancy, you can import the data in MySQL...and if you are...well,
>i guess that is enough for today.
>
>Michael

george

Michael J. Pelletier wrote:
> george wrote:
>
>
>>Hi all,
>>How or what program can I use to log all outgoing and incomming
>>address' simular to the one that was on Atguard firewall. The
>>firewall no longer logs using XP.
>>
>>Thanks for any suggestions,
>>George


The Symantec Firewall logs all completed and blocked connections,
inbound or outbound, identifies blocked content, Intrusion detection
triggers, Blocked and allowed privacy information (type of release and
to whom), IP logs including all local dynamic and static IP's that have
been used when, logs all firewall configuration and status changes,
Historical web history, and user and system defined alerts and which
rule triggered the alert. These are separate logs and log max size is
user defined. Logs rollover once max size is reached (problematic for
archiving as duplicate data is assured when logs are backed up. While
this deficiency is not unique I am not sure I need to duplicate the data
on my incremental |

You can also enable the XP ICF to log.

To enable the XP firewall logging:
- Start - Control Panel - Network Connections
- Right click on your current active network or dial-up connection and
choose properties
- Click on the Advanced Tab and check the box under Internet Connection
Firewall
- At the bottom of the same page click on the Settings button
- Under Security Logging check both boxes
- Under Log File Options leave the default path alone
- Under size you can change the max size of the file if so desired.

There are a number of free log review and analysis utilities that makes
the log review less painful on the net. The XP ICF uses the extended
log file format established by the WC3. Any viewer that is capable of
reviewing this format may be used.

If you choose this route, learn to use the manual methods (using msi,
policy or script) to control the XP ICF configuration. The standard MS
simplified interface lacks the finite control one needs to properly
manage connections, however the firewall and logging is capable.
Application access may also be accessed from outside the MS interface
and rules established for more finite port control.

Winged

winged