Read your firewall logs!

Written by Laura Taylor, Contributor
Installing a firewall, configuring its rule-set, and letting it pass or deny traffic is not good enough. You also need to continuously monitor your firewall's log files. By reviewing your firewall logs, you can determine whether new IP addresses are trying to probe your network, and whether you want to write new and stronger firewall rules to block them. Then you can decide whether to trace the probes and take some sort of management action.

All firewalls log information either locally or to a centralized logging server. You should review your logs daily, preferably first thing in the morning, to see if any suspicious activity occurred overnight. Here's a basic list of things to watch for:

If you read the log files every day, you'll get a feel for what is normal and abnormal connection behavior. Sometimes you'll notice abnormal behavior, and initially may not know what action to take. When that happens, research the abnormal behavior to determine whether you should take further action. A good place to seek assistance is your firewall vendor. Call the vendor up and ask for recommendations. Most should be glad to help.
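As an added illustration (not from the original article), the daily review described above can be partly automated: the sketch below reads the overnight deny entries, marks which source addresses are new compared with earlier reviews, and flags sources that were denied on several different ports. The log format (netfilter/iptables-style lines with a `FW-DROP` prefix), the sample lines, the function names and the threshold of three ports are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in netfilter/iptables LOG style (an assumption: the
# article names no firewall product). Addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:14:07 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=22
Mar  3 02:14:08 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=23
Mar  3 02:14:09 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=3389
Mar  3 02:14:10 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40115 DPT=445
Mar  3 03:01:22 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=123 DPT=123
Mar  3 03:31:22 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=123 DPT=123
Mar  3 04:45:50 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80
Mar  3 05:00:01 gw kernel: FW-ACCEPT: IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=52000 DPT=443
"""

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def parse_denied(log_text, deny_tag="FW-DROP"):
    """Yield (src, proto, dport) for every line carrying the deny prefix."""
    for line in log_text.splitlines():
        if deny_tag not in line:
            continue  # accepted traffic and unrelated kernel messages
        f = dict(FIELD_RE.findall(line))
        if "SRC" in f:  # ICMP has no DPT, so default it to "-"
            yield f["SRC"], f.get("PROTO", "?"), f.get("DPT", "-")

def morning_review(log_text, known_sources, probe_threshold=3):
    """Summarise denies per source; known_sources is the set seen in earlier reviews."""
    ports = defaultdict(set)
    hits = defaultdict(int)
    for src, proto, dport in parse_denied(log_text):
        ports[src].add((proto, dport))
        hits[src] += 1
    report = []
    for src in sorted(ports, key=lambda s: (-len(ports[s]), s)):  # widest first
        report.append({
            "src": src,
            "new": src not in known_sources,
            "denied": hits[src],
            "distinct_ports": len(ports[src]),
            "probe": len(ports[src]) >= probe_threshold,
        })
    return report

if __name__ == "__main__":
    for row in morning_review(SAMPLE_LOG, known_sources={"198.51.100.7"}):
        print(row)
```

Feeding each day's sources back into `known_sources` is what builds the sense of normal behavior the article describes; the threshold needs tuning to the traffic your own firewall sees.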

Laura Taylor is the Chief Technology Officer and founder of Relevant Technologies. Ms. Taylor has 17 years of experience in IT operations with a focus in information security.
