Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 947 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

A suggestion - Easier problem handling

Orjan Sandland
I haven't used ASL for very long, but I have a fair amount of network experience, and have participated actively on many other lists for other firewall products.

The first thing that strikes me when trying to help others, is that everyone is giving out different information in their problem descriptions.
Some include the routing table, others thet network definitions, and most of the time - that is just a part of the truth - and most of my answers at least - becomes assumptions.

So - ASL dudes (and dudettes?), what about a function in the firewall that grabbed all relevant config info from the firewall anonymizing all sensitive info, like IP-addresses and site specific details.

It could include an extract from the relevant logs, the network defs, packet filters, network masquerading and *NAT stuff.

This would make reporting a problem alot easier, as the user would just describe how he/she experience the problem, and don't worry about getting all the details in the posting. 
The helper on the other hand, wouldn't have to ask four times for relevant information..

So..whaddya think? If it's interesting - I'd be happy to help out with this.

Best regards,
Ørjan Sandland


This thread was automatically locked due to age.
Parents
  • 0
    Hi Ørjan,

    we afraid most people don't want send their IP adresses, routing information and filter rules to a public forum.... (and i understand them)
  • 0 in reply to Markus Hennig
    Markus,
    of course no ip-addresses should be posted. That is why I mentioned anonymizing.

    It wouldn't take much of a perl script to anonymize ip-addresses, routing tables and other stuff while still maintaining the relations between all data

    A problem report generator in the firewall, could also consist of several levels of details, even allowing the admin to deselect certain items from the report if necessary.

    Don't' you agree that a standardized problem report would help diagnosing problems?

    Just some thoughts.

    Ørjan
Reply
  • 0 in reply to Markus Hennig
    Markus,
    of course no ip-addresses should be posted. That is why I mentioned anonymizing.

    It wouldn't take much of a perl script to anonymize ip-addresses, routing tables and other stuff while still maintaining the relations between all data

    A problem report generator in the firewall, could also consist of several levels of details, even allowing the admin to deselect certain items from the report if necessary.

    Don't' you agree that a standardized problem report would help diagnosing problems?

    Just some thoughts.

    Ørjan
Children
  • 0 in reply to Orjan Sandland
    I'm just playing around with this idea here... I'll whip together some code to see if I can do a quick'n dirty implementation of this.

    If you think I need to include other info than what's below... let me know:
    Definitions-Networks
    Definitions-Services
    Network-Interfaces (defgw & ifaces)
    Network-Routing
    Network-DNAT
    Network-SNAT
    Network-Masquerading
    Packet Filter-Rules
    A tail -100 from /var/log/kernel
    A tail -50 from /var/log/daemon

    those are the most obvious... 

    I hope to use a script to identify the ip/mask and either use a random function to generate a new set of ip's that have the same relationships, or just pick related ip's from a predetermined table.

    Ørjan
Unfiltered HTML