Not Logging CIFS

Hi to all,

I've been trying for a while to implement a Netbios/CIFS drop and no log for traffic coming in on the Untrust Interface.

I've tried everything (on 5.1.x, 5.3.x, and now 5.4.0r6):
- From Every Zone to Untrust
- Untrust Intrazone Policy
- from SRC Any to DST Any (and Public external IP)
- For all related Service (SMB, MS-RPC-Any ...)

As these logs are totally polluting syslog and SIMS Server, how can I get the job done?

Precision on the Netscreen Model => NS50 with 4 ETH (Untrust, Trust ...)

Thanks
Re: Not Logging CIFS

Hello,

I have set this rule up on my sites, but the one thing that I do is create a new service which includes ports 137,138,139,445 for both udp and tcp and then 1433, 3389, etc. for other things you don't care to be logged. It works better for me to do this than to rely on the NS provided services, and I have not had an issue with leakage.

Also remember that if you are using MIPs in an Untrust to ??? rule, you have to specify the MIP in the policy b/c an "ANY" statement will not be applied.

Good luck,
Jeremy

----- Original Message -----
From: "phab" <fab-pro.aubry@...>
To: <nn@...>
Sent: Tuesday, January 08, 2008 11:55 AM
Subject: [nn] Not Logging CIFS

> Hi to all,
>
> I've been trying for a while to implement a Netbios/CIFS drop and no log for
> traffic coming in on the Untrust Interface.
>
> I've tried everything (on 5.1.x, 5.3.x, and now 5.4.0r6):
> - From Every Zone to Untrust
> - Untrust Intrazone Policy
> - from SRC Any to DST Any (and Public external IP)
> - For all related Service (SMB, MS-RPC-Any ...)
>
> As these logs are totally polluting syslog and SIMS Server, how can I get
> the job done?
>
> Precision on the Netscreen Model => NS50 with 4 ETH (Untrust, Trust ...)
>
> Thanks
Re: Not Logging CIFS

Hi,

I've tried this through a Global Policy denying CIFS on TCP/UDP with my own custom services and it does not work (with an Any - Any statement). All destinations are my Public IP Address on the Untrust Interface ...

So I think there's something to figure out with the Self Logging Feature (When Off => No Logging other than Policy Logging in my mind)

But I still don't know what

Phab
Re: Not Logging CIFS

One thing to think about, if you are ultimately sending log traffic to a SIM via syslog, is to do the log filtering on the syslog system itself. We filter out all of the syslog traffic we don't want to view in our SIM with syslog-ng. It works well for us without having to rely on the features of the firewall.
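
Added example (not part of the thread and not any poster's actual configuration): a syslog-ng fragment for the collector-side filtering described in the last reply, keeping a full local archive while forwarding everything except denied NetBIOS/CIFS traffic to the SIM. The object names, file path and SIM address are hypothetical, and it assumes the firewall's traffic-log messages carry "action=Deny" and "dst_port=<n>" key=value fields.

```conf
# Added example: collector-side filtering with syslog-ng (3.x syntax).
# All names (s_firewall, d_archive, d_sim, f_*) are hypothetical.

# Syslog from the firewall arrives over UDP/514.
source s_firewall {
    udp(ip(0.0.0.0) port(514));
};

# Full, unfiltered copy kept on the collector for later investigation.
destination d_archive {
    file("/var/log/netscreen/all.log");
};

# The SIM. 192.0.2.10 is a documentation placeholder address.
destination d_sim {
    tcp("192.0.2.10" port(514));
};

# Denied traffic aimed at the NetBIOS/CIFS ports 137, 138, 139 and 445.
# Assumed message format: fields such as "action=Deny" and "dst_port=445".
# The "( |$)" tail stops dst_port=1370 or dst_port=4450 from matching.
filter f_cifs_deny {
    message("action=Deny")
    and message("dst_port=(137|138|139|445)( |$)");
};

# Everything except the noise defined above.
filter f_not_cifs_deny {
    not filter(f_cifs_deny);
};

# Path 1: archive every message, including the denied CIFS probes.
log {
    source(s_firewall);
    destination(d_archive);
};

# Path 2: forward only the remaining messages to the SIM.
log {
    source(s_firewall);
    filter(f_not_cifs_deny);
    destination(d_sim);
};
```

Keeping the archive path unfiltered means the dropped events are still available on the collector if the scanning sources ever need to be reviewed.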