Thanks for the update Gianluca! Regarding logs, yes of course we would like to log the last drop. But we run about 30 enterprise firewalls, distributed across about 6 management consoles. We do over 8 million log entires a day, and a couple gigs of data, and that is without the log final drops. Obviously we'll have multiple instances of the FWGold client to harvest that data. Tom ----- Original Message ----- From: "Gianluca Rotoni" <gianluca@xxxxxxxxxx> To: <fwgold-users@xxxxxxxxxxxxx> Sent: Thursday, August 29, 2002 10:59 AM Subject: [fwgold-users] Re: NG compatibility? > > > Hi, > > The NG compatibility is still under work. Since I do not have NG > I rely on others passing me the output of fw log on NG. > I received a few and I'll soon start working on it. > > In a distributed environment, the ideal is to leave the server > run on the FW management station and the client somewhere else, > perhaps where a Web server runs so that the output can be shown > via web. > What you log really depends on what you want to analyze on your > statistics (and viceversa). I always log everything, at the end > it's only a few megabyte data a day which it can be easily > compressed and archived on tapes. > Not logging the last drop is not a good idea, IMHO as it makes > very difficult to track down FW problems and does not help in > finding out possible attacks. > > Regards, > Gianluca > > > > > I saw some notes about FWGold and NG compatability. Just wanted to check > > what that status was. We currently run a mixed shop of NG and v4.1, so we > > have management servers for both. > > > > Also an architecture question. Does the client side piece of FWGold run on > > the management console (assuimg you have a distributed deployment with your > > firewalls and management consoles on different boxes)? And if so, do you > > need to log all packets to get accurate data. Currently we don't log final > > drops. > > > > Thanks, > > Tom > > > > ================================================= > > Archives of this mailing list's > > messages ca be retrieved from > > //www.freelists.org/archives/fwgold-users > > ================================================= > > To unsubscribe from this maling list > > send a mail to fwgold-users-request@xxxxxxxxxxxxx > > with the word "unsubscribe" as subject. > > ================================================= > > To administer your account visit the site : > > //www.freelists.org/cgi-bin/lsg2.cgi > > ================================================= > > > > > ================================================= > Archives of this mailing list's > messages ca be retrieved from > //www.freelists.org/archives/fwgold-users > ================================================= > To unsubscribe from this maling list > send a mail to fwgold-users-request@xxxxxxxxxxxxx > with the word "unsubscribe" as subject. > ================================================= > To administer your account visit the site : > //www.freelists.org/cgi-bin/lsg2.cgi > ================================================= > ================================================= Archives of this mailing list's messages ca be retrieved from //www.freelists.org/archives/fwgold-users ================================================= To unsubscribe from this maling list send a mail to fwgold-users-request@xxxxxxxxxxxxx with the word "unsubscribe" as subject. ================================================= To administer your account visit the site : //www.freelists.org/cgi-bin/lsg2.cgi =================================================