Chapter 20: Logging and Reporting
Service Summary Reports
The Service Summary Reports include usage and user information on a per service basis.
For example, the default report for the TELNET gateway indicates the top 100 clients by
connections, the top 100 clients by amount of traffic, and the top 100 denied clients.
Each night the cron daemon on the firewall runs the daily script (/usr/gauntlet/bin/daily).
When the daily report option is turned on (it is on by default), this script calls a daily
report script (/usr/gauntlet/bin/daily-report) which calls other shell scripts to summarize
the logs for each service. The firewall mails the reports to the firewalladmin alias as
configured with gauntlet-admin. Note that the firewall stores the daily report in
/usr/tmp/daily-report.
When the weekly report is turned on, the cron daemon on the firewall runs the weekly
script (/usr/gauntlet/bin/weekly). This script calls the weekly reporting script
(/usr/gauntlet/bin/weekly-report) to summarize the services for the past week. The firewall
mails the reports to the firewalladmin alias. Note that the firewall stores the weekly
report in /usr/tmp/weekly-report.
Exception Reports
Exception Reports include noteworthy items. The Gauntlet Firewall defines a list of items
that are not noteworthy and ignores those sorts of entries in the logs. The firewall
considers all other events possible security events. Thus, the firewall reports any item
that you have not specifically told it to ignore. This report includes information that
could indicate a possible attack or other problems.
For example, the firewall default is to ignore successful authentications when parsing the
log file. Successful authentication attempts are a normal part of firewall activity.
However, unsuccessful authentication attempts could be a sign of a potential attack.
Therefore, the exception report includes all unsuccessful authentication attempts from
the logs.
To create the Exception Reports, the cron daemon periodically (the default is four times a
day but this can be configured in gauntlet-admin) runs a reporting script
(/usr/gauntlet/bin/frequentcheck). This script scans the log files, skipping events that it can ignore,
as defined in another configuration file (/usr/gauntlet/config/frequentcheck.ignore). The
script summarizes all of the noteworthy items since the last time it created a report. The
firewall mails the reports to the firewalladmin alias. The firewall stores the exception
report in /usr/tmp/frequentcheck-report.
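The ignore-list approach described above, sketched as an added shell example (it is not the Gauntlet frequentcheck script and does not reproduce its file formats). It assumes an ignore file with one extended regular expression per line and a hypothetical state file that records how many log lines were already reported; the log lines are constructed.

```shell
#!/bin/sh
# Added illustration, not the Gauntlet frequentcheck script.
# Assumed: one extended regex per ignore-file line, "#" comments allowed;
# the state file holds the count of log lines already reported.

# exception_report LOG IGNORE STATE
# Print lines added to LOG since the last run that match no ignore pattern,
# then record the new line count in STATE.
exception_report() {
    log=$1; ignore=$2; state=$3
    seen=0
    if [ -r "$state" ]; then seen=$(cat "$state"); fi
    total=$(wc -l < "$log" | tr -d ' ')
    # A shorter log than last time means it was rotated: rescan from the top.
    if [ "$total" -lt "$seen" ]; then seen=0; fi
    # Drop comments and blank lines. A blank pattern matches every line and
    # would silently empty the report.
    pats=$(mktemp)
    grep -v -e '^#' -e '^[[:space:]]*$' "$ignore" > "$pats" || :
    if [ -s "$pats" ]; then
        tail -n "+$((seen + 1))" "$log" | grep -E -v -f "$pats" || :
    else
        tail -n "+$((seen + 1))" "$log"   # nothing ignored: report everything
    fi
    rm -f "$pats"
    echo "$total" > "$state"
}

# Constructed sample data (not real Gauntlet log or ignore-file syntax).
demo_dir=$(mktemp -d)
cat > "$demo_dir/log" <<'EOF'
Jan 10 09:00:01 fw telnet-gw[101]: permit host=10.0.0.5
Jan 10 09:00:07 fw auth[102]: authentication ok user=alice
Jan 10 09:01:12 fw auth[102]: authentication failed user=bob
Jan 10 09:02:30 fw kernel: interface ec0 link down
EOF
cat > "$demo_dir/ignore" <<'EOF'
# routine events
telnet-gw\[[0-9]+\]: permit
auth\[[0-9]+\]: authentication ok

EOF
exception_report "$demo_dir/log" "$demo_dir/ignore" "$demo_dir/state"
```

The failed authentication and the unanticipated kernel message are both reported, because only the two listed routine events are suppressed. A second run over the same log prints nothing until new lines arrive.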