This is a very vague question so my response might not be useful at all. Hopefully this is not the case.

I don't know how much experience you have with network security. Try to talk to someone at your company regarding the specific details of the network's security.

Depending on the information provided in the log, you might not be able to gather any useful information from it. If the log is just showing rejected or dropped packets, then looking for attacks in the log is pointless. If an attack can be found in the log it clearly failed (because the packet did not get through). And obviously you cannot know about things that aren't in the log just from looking at the log.

Regardless of the amount of information the log provides, you can do a reverse DNS lookup on the source IP and see if it matches the source hostname. If the resolved hostname and source hostname do not match, that should raise some flags. It might not be an attack, but it is suspicious behavior.

If the log shows packets that are passed through the filter, then there are some things that you can look for. If there are Windows machines behind the firewall, then look for activity on port 445. Many worms use vulnerabilities that Windows has traditionally had in services listening on that port. There are other things that might indicate attacks; however, a network security expert at the company would be the person to ask.

Hope this helps a little.


In reply to Re: data mine a firewall log by zek152
in thread data mine a firewall log by alexlearn
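The two checks described in the post above (reverse DNS against the claimed source hostname, and accepted traffic to port 445 on hosts behind the firewall), as an added Perl example that is not part of zek152's reply. The log format, the sample lines and the PTR table are all constructed for the example; a real firewall log will need its own regex in parse_line, and real_rdns() is the live-network replacement for the offline stand-in.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton AF_INET);

# Constructed sample log lines (not from any real firewall). Assumed format:
#   <time> <ACCEPT|DROP> src=<ip>/<claimed-hostname> dst=<ip>:<port> proto=<tcp|udp>
my @log = (
    '2023-01-01T00:00:01 DROP   src=203.0.113.7/scan.example.net  dst=192.0.2.10:445 proto=tcp',
    '2023-01-01T00:00:02 ACCEPT src=203.0.113.7/scan.example.net  dst=192.0.2.10:445 proto=tcp',
    '2023-01-01T00:00:03 ACCEPT src=198.51.100.4/mail.example.org dst=192.0.2.25:25  proto=tcp',
    '2023-01-01T00:00:04 ACCEPT src=198.51.100.9/www.example.org  dst=192.0.2.80:80  proto=tcp',
);

# Offline stand-in for reverse DNS: a constructed PTR table, so the script runs
# without network access. Pass \&real_rdns to analyse() on a live network.
my %ptr = (
    '203.0.113.7'  => 'ip-7.hosting.example',   # does not match the claimed name
    '198.51.100.4' => 'mail.example.org',
    '198.51.100.9' => 'www.example.org',
);
sub fake_rdns { my ($ip) = @_; return $ptr{$ip} }

# Real reverse lookup via the resolver; returns undef when there is no PTR record.
sub real_rdns {
    my ($ip) = @_;
    return scalar gethostbyaddr(inet_aton($ip), AF_INET);
}

# Pull the fields out of one line; returns undef for lines that do not match.
sub parse_line {
    my ($line) = @_;
    return unless $line =~ m{^(\S+)\s+(ACCEPT|DROP)\s+src=([\d.]+)/(\S+)\s+dst=([\d.]+):(\d+)\s+proto=(\w+)};
    return { time => $1, action => $2, src_ip => $3, src_host => $4,
             dst_ip => $5, dst_port => $6, proto => $7 };
}

# Walk the log once and return a list of human-readable findings.
sub analyse {
    my ($lines, $rdns) = @_;
    my (@findings, %checked);
    for my $line (@$lines) {
        my $r = parse_line($line) or next;

        # Check 1: does the PTR record agree with the hostname the log claims?
        # Done once per source IP so a chatty host does not flood the output.
        unless ($checked{ $r->{src_ip} }++) {
            my $resolved = $rdns->($r->{src_ip});
            if (!defined $resolved) {
                push @findings, "$r->{src_ip}: no PTR record (claimed $r->{src_host})";
            }
            elsif (lc $resolved ne lc $r->{src_host}) {
                push @findings, "$r->{src_ip}: PTR '$resolved' != claimed '$r->{src_host}'";
            }
        }

        # Check 2: traffic to TCP/445 that actually got through the filter.
        # DROP lines are ignored here, since a dropped packet never reached the host.
        if ($r->{action} eq 'ACCEPT' && $r->{proto} eq 'tcp' && $r->{dst_port} == 445) {
            push @findings, "$r->{time}: $r->{src_ip} reached $r->{dst_ip}:445 (SMB) through the filter";
        }
    }
    return @findings;
}

print "$_\n" for analyse(\@log, \&fake_rdns);
```

On the constructed input this reports the PTR mismatch for 203.0.113.7 and the one ACCEPTed SMB connection to 192.0.2.10; the DROP line for the same host is deliberately not reported. Reverse DNS is controlled by whoever owns the source netblock, so a matching PTR proves nothing on its own; a mismatch is only a prompt to look closer, as the post says.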
