Firewall Log Filter

Full text: PDF, 683 KB
Type: Technical Report
Series title: Student Report
Physical description: 27 p.
Subject: Firewalls; Networks; Security; Logs; OpenBSD; PF Filter
Abstract: The need for a Firewall Log Filter. In many cases it is possible to detect patterns by browsing the log data, but doing so by hand is tedious. For example, a clever attack against an enterprise firewall cluster is scattered across all of its firewalls and executed slowly, from several different IP addresses, alternating between all available protocols. In such a situation a log filter is needed to collect and correlate the IP addresses involved. A typical day of firewall log entries amounted to more than 100,000 lines. From these entries, using a frequency threshold of 5,000 or more, the FLF was able to identify the pattern and generate a summary. When the threshold was lowered to 50, the FLF was also able to skip generating summaries in order to save computation and analysis time.
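The correlation the abstract describes (one slow attacker spread over several firewalls and protocols, collapsed into a per-source summary, with sources below a frequency threshold producing no summary at all) is shown below as an added example. It is not the report's own FLF code. It assumes a syslog-forwarded pflog(4) rendering with the firewall hostname in the syslog header (the `PFLOG_RE` pattern, the `pf:` tag and the sample lines are all constructed for this example), and it uses a threshold of 5 on a seven-line sample in place of the 5,000 on 100,000 lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample, not from the report. The format assumed here is a
# pflog(4) record as rendered by tcpdump and forwarded through syslog, with
# the originating firewall's hostname in the syslog header; real deployments
# vary, so adjust PFLOG_RE to match the rendering you actually collect.
SAMPLE_LOG = """\
Jul 12 10:00:01 fw1 pf: block in on em0: 198.51.100.7.40001 > 203.0.113.10.22: tcp
Jul 12 10:00:02 fw2 pf: block in on em0: 198.51.100.7.40002 > 203.0.113.11.22: tcp
Jul 12 10:00:03 fw3 pf: block in on em0: 198.51.100.7.40003 > 203.0.113.12.443: tcp
Jul 12 10:00:04 fw1 pf: block in on em0: 198.51.100.7.40004 > 203.0.113.10.53: udp
Jul 12 10:00:05 fw2 pf: block in on em0: 198.51.100.7 > 203.0.113.11: icmp echo request
Jul 12 10:00:06 fw1 pf: block in on em0: 192.0.2.44.51000 > 203.0.113.10.80: tcp
Jul 12 10:00:07 fw1 pf: pass in on em0: 192.0.2.99.51001 > 203.0.113.10.443: tcp
"""

# Assumed line layout: "<Mon> <day> <time> <firewall> pf: <action> <dir> on
# <iface>: <src>[.<sport>] > <dst>[.<dport>]: <proto> ...". Ports are absent
# for ICMP, so both port groups are optional.
PFLOG_RE = re.compile(
    r"^\w{3}\s+\d{1,2}\s+[\d:]+\s+(?P<fw>\S+)\s+pf:\s+"
    r"(?P<action>block|pass)\s+(?P<dir>in|out)\s+on\s+(?P<iface>\S+):\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))?\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?:\s+(?P<proto>\w+)"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = PFLOG_RE.match(line)
    return m.groupdict() if m else None


def correlate(lines, blocked_only=True):
    """Aggregate entries per source IP across every firewall in the cluster.

    Each bucket records how many entries the source produced, which firewalls
    saw it, which protocols it used and which destination ports it touched,
    so an attack spread over several firewalls and protocols still collapses
    into one record keyed by the attacker's address.
    """
    stats = defaultdict(lambda: {"count": 0, "firewalls": set(),
                                 "protocols": set(), "dst_ports": set()})
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable lines are skipped rather than aborting the run
        if blocked_only and ev["action"] != "block":
            continue  # pass entries are noise for this purpose
        bucket = stats[ev["src"]]
        bucket["count"] += 1
        bucket["firewalls"].add(ev["fw"])
        bucket["protocols"].add(ev["proto"])
        if ev["dport"] is not None:
            bucket["dst_ports"].add(int(ev["dport"]))
    return dict(stats)


def summarize(stats, threshold):
    """Keep only sources at or above the frequency threshold, busiest first.

    Sources below the threshold yield no summary at all; that is what saves
    the analyst from reading the whole log by hand.
    """
    hits = [dict(src=src, scattered=len(s["firewalls"]) > 1, **s)
            for src, s in stats.items() if s["count"] >= threshold]
    hits.sort(key=lambda h: h["count"], reverse=True)
    return hits


def render(summaries):
    """Format summaries as one line per source for a report or a ticket."""
    out = []
    for h in summaries:
        out.append(
            f"{h['src']}: {h['count']} blocked entries on "
            f"{', '.join(sorted(h['firewalls']))} "
            f"[{', '.join(sorted(h['protocols']))}] "
            f"ports {sorted(h['dst_ports'])}"
            + (" (scattered across firewalls)" if h["scattered"] else "")
        )
    return "\n".join(out)


if __name__ == "__main__":
    stats = correlate(SAMPLE_LOG.splitlines())
    for threshold in (5, 50):
        hits = summarize(stats, threshold)
        print(f"threshold {threshold}: {len(hits)} source(s) summarized")
        print(render(hits) or "(nothing above threshold)")
```

With the threshold at 5 the single scattered source 198.51.100.7 is summarized (five blocked entries on three firewalls over tcp, udp and icmp); at 50 nothing is summarized and no output is produced, mirroring the abstract's point about skipping summaries to save analysis time. Keying on source address alone will not catch an attacker who rotates addresses; the same buckets can be keyed on a /24 or an ASN instead, which is where a practitioner would extend this.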
Affiliation: NRC Institute for Ocean Technology; National Research Council Canada
Peer reviewed: No
NPARC number: 18253434
Record identifier: a89e9e70-2196-474a-8292-8f8dae2f21d0
Record created: 2011-07-12
Record modified: 2016-10-03