Thread: proxy logs virtually useless




2006-09-16 02:01:40
Feature Requests item #1519726, was opened at 2006-07-09 16:35
Message generated for change (Comment added) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=725142&aid=1519726&group_id=132104

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Interface Improvements (example)
Group: None
Status: Open
Priority: 5
Submitted By: Code_Slave (code_slave)
Assigned to: Nobody/Anonymous (nobody)
Summary: proxy logs virtually useless

Initial Comment:

Can we please add the option on the firewall to log the NIC of the
computer connecting from the "safe zone"?
The proxy log is useless if you have a DHCP that allocates an IP
address from a pool.

In fact any data recorded by the firewall that relies on a floating
IP address is useless.

I don't see the point in allowing a user to set up a proxy server for
web access that allows the NIC address to be used/blocked, but then
all the logging is attached to a random IP address.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2006-09-15 19:01

Message:
Logged In: NO 

log also MAC, not only IP 

----------------------------------------------------------------------

Comment By: Dayne Lucas (dayne)
Date: 2006-07-30 02:20

Message:
Logged In: YES 
user_id=1391124

Another option, if you have non-technical managers, would be
to use proxy authentication, where the users are
authenticated with LDAP or RADIUS. That way you have an
easier to understand format (the username) rather than an IP
and MAC address. Then non-technical managers can reference
the username in the proxy log, which is far more people
friendly than a number...a.k.a the very reason why DNS was
developed.

Best regards,

Dayne

----------------------------------------------------------------------

Comment By: Dayne Lucas (dayne)
Date: 2006-07-30 01:44

Message:
Logged In: YES 
user_id=1391124

Quite frankly your argument is moot. What is the difference
between using time as a reference of look up and a MAC
address? Even if you had a pool of 200 IP addresses, with an
update frequency of an hour, 9 times out of 10 the client is
going to request the same IP address from the DHCP server,
and the server will assign the same IP. Even if you get the
MAC you are still going to reference the DHCP Log, which can
be made available quite easily, and searched quite easily
too. Just reference the time in the log with the IP listed,
it's that simple, and you don't need a super computer for
that. If you have your network synchronised with an NTP
server, time is a better point of reference with your DHCP
logs than a MAC address that can be spoofed.

Best regards,

Dayne

----------------------------------------------------------------------

Comment By: Code_Slave (code_slave)
Date: 2006-07-28 20:16

Message:
Logged In: YES 
user_id=413743

Dayne, thanks for your valuable input.
Note that this is a feature request, FOR INTERNAL ALLOCATED DHCP
ADDRESSES.
If your answer is always going to be, "such and such does this and
that, so that makes it O.K", then don't expect the product to improve.
What you say is basically moot when the clients are using "Dynamic
Dhcp" from a pool of 200, re-newing once an hour. Perhaps you also
think that it is OK to crack open 50 tools to link and cross check the
information, possibly we could upload it to an Oracle database, and
then use a Cray to index it.

Adding in the NIC address goes a long way to solving most of these
problems, for internal DHCP.

At the end of the day, when you have 200 branch shops, all you need is
a quick way for the managers to be able to check what their users are
doing. They do not have the time to start screwing about with nmap &
other tools, esp. when they are NOT system admins.

----------------------------------------------------------------------

Comment By: Dayne Lucas (dayne)
Date: 2006-07-23 00:45

Message:
Logged In: YES 
user_id=1391124

Most firewalls only log the IP of the client. Astaro,
Fortinet and Sonicwall all log the IP and not the MAC
because MAC address can be spoofed easier than IP. In the
log you have the time and date plus IP address, all you need
to do is cross reference that with your DHCP log and you will
have the node. A firewall is not the be all and end all, you
have to do some investigating yourself.

Best regards,

Dayne

----------------------------------------------------------------------
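
The cross-referencing discussed in this thread (proxy log time and IP checked against the DHCP log), as an added example that is not part of the original messages or of the firewall's code. The log layouts, addresses and the one-hour lease time are constructed assumptions; the point is that an entry is attributed to a MAC only if a lease covered that moment, and that the same IP can map to different MACs over a day.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

LEASE = timedelta(hours=1)   # assumed lease time (hourly renewal, as in the thread)
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data in a simplified layout (not any product's real log format).
DHCP_LOG = """\
2006-07-28 09:00:00 ACK 192.168.0.50 00:11:22:33:44:55
2006-07-28 10:00:00 ACK 192.168.0.50 00:11:22:33:44:55
2006-07-28 11:30:00 ACK 192.168.0.50 66:77:88:99:aa:bb
2006-07-28 09:05:00 ACK 192.168.0.51 cc:dd:ee:ff:00:11
"""
PROXY_LOG = """\
2006-07-28 09:15:00 192.168.0.50 http://example.com/a
2006-07-28 10:59:00 192.168.0.50 http://example.com/b
2006-07-28 11:10:00 192.168.0.50 http://example.com/c
2006-07-28 11:45:00 192.168.0.50 http://example.com/d
"""

def load_leases(text):
    """Return {ip: time-sorted list of (ack_time, mac)}."""
    leases = defaultdict(list)
    for line in text.splitlines():
        date, clock, event, ip, mac = line.split()
        if event == "ACK":
            leases[ip].append((datetime.strptime(f"{date} {clock}", FMT), mac.lower()))
    for acks in leases.values():
        acks.sort()
    return leases

def mac_at(leases, ip, when):
    """MAC holding `ip` at `when`, or None if no lease covered that moment."""
    acks = leases.get(ip, [])
    i = bisect_right(acks, (when, "\uffff")) - 1   # last ACK at or before `when`
    if i < 0 or when - acks[i][0] > LEASE:
        return None   # expired or never leased: unattributable from DHCP alone
    return acks[i][1]

def annotate(proxy_text, leases):
    """Return (timestamp, ip, mac_or_None, url) for each proxy log line."""
    rows = []
    for line in proxy_text.splitlines():
        date, clock, ip, url = line.split()
        when = datetime.strptime(f"{date} {clock}", FMT)
        rows.append((when.strftime(FMT), ip, mac_at(leases, ip, when), url))
    return rows
```

Rows that come back with `None` are worth reviewing on their own: traffic from an address with no active lease points to a static assignment or a gap in the DHCP log.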

_______________________________________________
Efw-devel mailing list
Efw-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-devel
