[Top] [All Lists]

Re: Logging port numbers

2011-06-07 15:56:16

p.s. Though this does beg the question: how useful is it to log port
numbers when there's a very good chance that one or both ends are
behind one or more layers of NATs that don't log state changes?  I
understand and agree with the notion that LSN will dilute the value
of IP addresses as source identifiers.  But as far as I can tell,
they are already of pretty marginal value even without LSN.

I'm sitting in a meeting talking about this very topic (LSN) with
people from organizations that manage a lot of users and a lot of
address space, and the consensus is that there will be enough logging
at the NAT end that it's worth logging the ports.


<Prev in Thread] Current Thread [Next in Thread>