It is never too late to post your ideas. Maybe we consider them good enough to be put into an up2date, and at the least we will make a mental note for the next version.
It is never too late to post your ideas. Maybe we consider them good enough to be put into an up2date, and at the least we will make a mental note for the next version.
Log deletion... is there a way we can get certain logs deleted at diff intervals then others. Such as keep the portscan logs for 3 weeks then delete them and HTTP logs be kept till the end of time or till the hard drive runs out of space whichever comes first. The reason I'm asking this is because Schools want to be able to keep logs of where students/teachers have been surfing for as long as possible yet hardly will ever look at Portscan logs or mail logs with the exception of Spam/Virus stats.
It would be nice to see due to which Packet Filter Rule (Index # would be enough) a packet has been blocked or allowed to pass, when viewing LiveLog activity. Helps a lot correcting misconfigured rules. That feature exists in some ISDN+VPN hardware routers...
Log deletion... is there a way we can get certain logs deleted at diff intervals then others. Such as keep the portscan logs for 3 weeks then delete them and HTTP logs be kept till the end of time or till the hard drive runs out of space whichever comes first. The reason I'm asking this is because Schools want to be able to keep logs of where students/teachers have been surfing for as long as possible yet hardly will ever look at Portscan logs or mail logs with the exception of Spam/Virus stats.
[/ QUOTE ]
What about sending only the 'important' logfiles to a remote syslog server collecting all the data (e.g. from more than one ASL)?
It would be nice to see due to which Packet Filter Rule (Index # would be enough) a packet has been blocked or allowed to pass, when viewing LiveLog activity. Helps a lot correcting misconfigured rules. That feature exists in some ISDN+VPN hardware routers...
[/ QUOTE ]
This is also on our wishlist... since it's not easy to implement without performance loss, it won't make it in V6 - but we're keeping it in mind for sure [;)]
Marcel, the only reason I wasn't leaning towards a syslog server is sheer politics... most of the schools have had their budget cut back & can't fit in a syslog server & several don't want the main School district buildings to handle it. They want the logs local & don't want anyone but their techs & a very few teachers within the school to be able to see those logs.
1. Arpwatch using Promiscuous Mode for Broadcast traffic.
2. Local NTP Server We have huge global VPN scenarios where we have to use an ntp server. -not only for ASL, also for Cisco, Windows, and so on... I think there would be no problem to integrate drivers for a local connected dcf77 or gps clock. For germany i would prefer the dcf77 solution, because this is very cheap.
On my Evaluation Version (5.800) this seems to be fixed. The Astaro process bar is gone... There seems to be a new handle mechanism. Is this right?
4. Sender mail Address of ASL There sould be an easy way (out of box) to adjust the sender mail address of ASL-notifications.
5. Set HTTP-Proxy Cache Size Let the User set the Cache Size for HTTP-Proxy in Webadmin. (maximum_object_size)
6. Integrate Proxy`s bandwidth in QOS.
7. Afford an opportunity to set a failover parent proxy.
8. Flashlight Signal for NIC 12 NIC`s and no idea which interface you have configured? The solution would be a flashlight signal controlled by Webadmin...
For ASG this could be integrated, because the NICs are always the same.
9. SSL and Virus Protection for WEB? Is there a way to scan https traffic? Could be the Endpoint of ssl tunnel our asl, scan the contend and forward this to the client?
My feature wish list is quite short, since ASL already includes most of the features that I would like to have. But there are still a few things missing.
1. NTP server. At the moment, ASL has the NTP client, but is not designed to relay time information, since the server portion is missing.
2. IMAP proxy. At the moment, ASL includes POP3 and SMTP proxies, but the IMAP mail proxy is missing, leaving a spam and virus security hole for clients that use IMAP mail connections.
3. Novell eDirectory tie-in. At the moment ASL supports LDAP and RADIUS connections to an external directory service, but this is an armslength approach. If an ASL box could be directly connected to a Novell NDS tree, and appear in a Novell Console1 view of the tree, then Novell's user base could far more readily implement ASL firewalls.
4. Load balanced connections. At the moment ASL works with single physical connections for each logical network. The inclusion of a multi-NIC meta driver would allow for teamed, redundant, load balanced connections on both the LAN and the WAN side of the ASL firewall.
For sure... I want to set the maximum size of a cached file in Webadmin, so maximum_object_size is right. My headline "5. Set HTTP-Proxy Cache Size" is a little bit confusing.
