Firewall Log filter.

From National Research Council Canada

Download	View final version: Firewall Log filter. (PDF, 688 KiB)
DOI	Resolve DOI: https://doi.org/10.4224/18253434
Author	Search for: Jiang, Peng¹
Affiliation	National Research Council of Canada. NRC Institute for Ocean Technology
Format	Text, Technical Report
Physical description	27 p.
Subject	Firewalls; Networks; Security; Logs; OpenBSD; PF Filter
Abstract	The need for Firewall Log Filter. In many cases, it is possible to detect patterns by browsing the log data but unfortunately it is also tedious. For example, a clever attack against a firewall cluster of an enterprise is scattered over all of its firewalls and executed slowly from several different IP addresses using all the possible protocols alternately. In such situation, we have to use the log filter to collect the correlated IP addresses. The typical size of the firewall log entries was more than 100,000 lines, which were collected during a period of a day. From these entries, with the frequency of equal or greater than 5,000 the FLF was able to identify the pattern and was able to generate a summary. When the frequency was lowered to 50, the FLF also has the ability to ignore generating summaries in order to save computation and analyzing time.
Publication date	2009-01-01
Series	Student Report, no. SR-2009-20.
Language	English
Peer reviewed	No
NPARC number	18253434
Export citation	Export as RIS
Report a correction	Report a correction (opens in a new tab)
Record identifier	a89e9e70-2196-474a-8292-8f8dae2f21d0
Record created	2011-07-12
Record modified	2020-05-27

Date modified:: 2024-04-19