gb-users mailing list archive

Re: [gb-users] Excessive GB-Ware logging

To: Chris Green <cgreen_at_greenfam_dot_org>
Subject: Re: [gb-users] Excessive GB-Ware logging
From: David Morris <dwm_at_xpasc_dot_com>
Date: Sun, 15 Oct 2006 05:34:35 -0700 (PDT)
Cc: <gb-users_at_gta_dot_com>
In-reply-to: <453223CB.70003@greenfam.org>

Probably want to be careful with our terminology ... Chris has called our
attention to the fact that most pages browsed at the user level (e.g.,
click a link) consist of many individual URL GET requests. Typical for
sites today such as CNN is ~100 objects retrieved for one page. There is
no way for a firewall to identify those URLs with certainty as being
associated with a single page request and from a security management
perspective I wouldn't want them to be.

I think Eric's observation is that each of those ~URL GETs expands into
10-50 log events ... but this is just a guess ... hence using precise
terminology would help focus the question.

On Sun, 15 Oct 2006, Chris Green wrote:

> Why would you not want every single GET to be logged?  That's the entire
> point of logging HTTP traffic.
>
> Eric Appelboom wrote:
> > This is "almost" as bad as not being able to disable (collate) the
> > logging and event for every single HTTP GET.
> > One user browsing one url results in 10-50 log events.
> >
> > Regards
> > Eric
> >
> > -----Original Message-----
> > From: Roger Cornelius [mailto:rac_at_custom-mobility_dot_com]
> > Sent: 13 October 2006 08:40 PM
> > To: gb-users_at_gta_dot_com
> > Cc: Roger Cornelius
> > Subject: [gb-users] Excessive GB-Ware logging
> >
> > We're using GB-Ware 4.0.2 with remote logging turned on.  Each time the
> > firewall emails an alarm, it generates three syslog messages to report
> > the status:
> >
> > Oct 13 14:14:13 gbox id=firewall time="2006-10-13 18:14:13"
> > fw="12100192" pri=6 msg="alarm: Connecting to email server"
> > dst=192.168.1.1 dstport=25
> >
> > Oct 13 14:14:13 gbox id=firewall time="2006-10-13 18:14:13"
> > fw="12100192" pri=5 msg="alarm: Connected to email server successfully"
> > src=192.168.1.100 srcport=1170 dst=192.168.1.1 dstport=25
> >
> > Oct 13 14:14:34 gbox id=firewall time="2006-10-13 18:14:34"
> > fw="12100192" pri=5 msg="alarm: Email alarms successfully sent"
> > dst=192.168.1.1 dstport=25
> >
> > Is there a way to turn these messages off?
> > --
> > Roger Cornelius            rac_at_custom-mobility_dot_com
> >
> > ------------------------------------------------------
> > To unsubscribe:           gb-users-unsubscribe_at_gta_dot_com
> > For additional commands:         gb-users-help_at_gta_dot_com
> > Archive:  http://archives.gnatbox.com/gb-users/

Global Technology Associates, Inc
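
Added example, not part of the thread and not GTA code: one way to drop the three routine alarm status records quoted in the original post at the remote syslog receiver, while keeping anything that does not match exactly or cannot be parsed. It assumes each record arrives on one line; the function names and the last two sample records are constructed for illustration.

```python
import shlex
from collections import Counter

# Exact text of the three routine status messages quoted in the thread.
ROUTINE_ALARM_MSGS = {
    "alarm: Connecting to email server",
    "alarm: Connected to email server successfully",
    "alarm: Email alarms successfully sent",
}

# Sample input: the three records from the thread joined onto single lines,
# followed by two CONSTRUCTED records that must not be suppressed.
SAMPLE = [
    'Oct 13 14:14:13 gbox id=firewall time="2006-10-13 18:14:13" fw="12100192" '
    'pri=6 msg="alarm: Connecting to email server" dst=192.168.1.1 dstport=25',
    'Oct 13 14:14:13 gbox id=firewall time="2006-10-13 18:14:13" fw="12100192" '
    'pri=5 msg="alarm: Connected to email server successfully" '
    'src=192.168.1.100 srcport=1170 dst=192.168.1.1 dstport=25',
    'Oct 13 14:14:34 gbox id=firewall time="2006-10-13 18:14:34" fw="12100192" '
    'pri=5 msg="alarm: Email alarms successfully sent" dst=192.168.1.1 dstport=25',
    # constructed: unterminated quote, cannot be parsed
    'Oct 13 14:15:00 gbox id=firewall pri=5 msg="alarm: Email alarms successfully sent',
    # constructed: message text that is not one of the three routine ones
    'Oct 13 14:15:02 gbox id=firewall pri=4 msg="constructed example record" dstport=25',
]

def parse_record(line):
    """Return the key=value fields of one record, or None if it cannot be parsed."""
    _, sep, body = line.partition(" id=")
    if not sep:
        return None
    try:
        tokens = shlex.split("id=" + body)  # a quoted value stays one token
    except ValueError:                      # e.g. unterminated quote
        return None
    return dict(tok.split("=", 1) for tok in tokens if "=" in tok)

def filter_routine(lines):
    """Drop only exact-match routine alarm records; count what was dropped."""
    kept, dropped = [], Counter()
    for line in lines:
        rec = parse_record(line)
        if rec and rec.get("id") == "firewall" and rec.get("msg") in ROUTINE_ALARM_MSGS:
            dropped[rec["msg"]] += 1
        else:
            kept.append(line)  # unparsed or unknown records are always kept
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = filter_routine(SAMPLE)
    print(len(kept), "kept;", sum(dropped.values()), "suppressed")
```

Matching on the full message text rather than on the `alarm:` prefix keeps any other alarm record in the log, and the per-message counts preserve a record of how much was suppressed.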