PROPOSAL: Modifications to firewall schema
Joost van Baal
joostvb at logreport.org
Wed Jan 16 13:14:35 CET 2002
On Sat, Jan 12, 2002 at 12:04:40PM -0500, Francis J. Lacoste wrote:
> On Fri, Jan 11, 2002 at 06:18:05PM +0100, Wytze van der Raay wrote:
> > Francis J. Lacoste wrote:
> >
> > >Proposal for modifications to the firewall superservice schema
> > >==============================================================
> >
> > How do you intend to handle the "count" field that is found with
> > some devices (in particular cisco routers)? Duplicating N DLF lines
> > in case the count is N seems rather wasteful -- would it be possible
> > to add a "count" field in the DLF (default 1), or does this mess up
> > the subsequent processing?
>
> I already suggested as a way to solve the firewall issue to add a count
> field (which would default to one for ipchains, ipmon and other).
> Joost argued against (and to print N DLF line) which more reflects what
> a DLF means -> one event (which should be a packet) = 1 line.
I'm convinced now of the usefulness of a count field. The other ideas
in the proposal and discussion sound very reasonable to me too.
Bye,
Joost
--
Joost van Baal . . http://www.logreport.org/
. .
/^LogReport$/ . . joostvb at logreport.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.logreport.org/pipermail/development/attachments/20020116/03a30357/attachment.bin
More information about the Development
mailing list