Any other app with this level of logging?

Hello, I'm using Agnitum Outpost Pro 4.0 as my personal firewall.
Since this application is no longer supported I've been thinking to switch to something else.

Alas, I can't find any other alternative with the level of logging this application provides.

I uploaded a screenshots for those not familiar with the application:
http://img221.imagevenue.com/img.php?image=50518_sshot_122_129lo.jpg

A few comments:
- I'm only interested in the logging of allowed and blocked connections.
- It's possible to show more columns. Like: local port, sent bytes, received bytes and a few more.
- It's possible to define filters to show only the records that match certain conditions. You can filter by time, process, ports, addresses and more.
This feature is the one that really makes a difference for me. I seldom need it, but when I do it really is invaluable.

I've looked at many other alternatives, for example:
Outpost 2008
Kaspersky suite
ESET suite
Comodo firewall
Online Armor

The best I could find is decent logging capabilities but, if I remember correctly, none of them provides filtering capabilities.

Since I don't expect to find a firewall with such capabilities I would be very happy even with another application that could only provide these logging features.

What do you recommend?

 

Wait for Outpost 2009

 

Thank you, I didn't know about it.

I've checked the agnitum blog and it seems that the 2009 version will be what the 2008 version should have been.

 

You'll probably like OP 2009 alot better than 2008. Also, Jetico 2 firewall has excellent logging.

 

Have you thought of installing a sniffer (such as wireshark). Then use a firewall with other options you may require?

 

Outpost has been a favorite of mine. I like the older versions much better as they don't attempt to do so much. The downfall of firewalls IMO is that they have become a sort of 'necessity' and have grown into a lot of bloat. Outpost v1 was a great firewall. v2 is OK, it is what I use. It is nearing bloat though, and v3 & v4 I cannot stand.

Outpost stands out in it's ability to give you information and it's sleek rule interface. I have tried every software firewall I can find, some so obscure it takes me hours just to find a download source. None have yet to equal the ease of Outpost.

I used to really tweak it, have my presets so I could reinstall painlessly etc. I watched my logs. For a time now I have had it disabled, and really now find no need for it. I have a hard time leaving it for your very reasons... logging.

My choice if I wanted to actually endure the painful process would be Jetico v1 (free). It is logical the way it lays out the rules in levels (tables), but it is a major pain to get set up. A lot of prompts. BUT, it does let you determine which rule should be logged (that is, yes, per rule), and there is a lot of info that can be had in the logs. But, I chose to just say no to the allow/disallow addiction I have. It is a love/hate relationship, on one hand 'knowing' what is going on, on the other hand being 'fed up' with sooo much interaction.

I am now using SoftPerfect Personal Firewall. It is not a service. It does not protect you until it runs. It does not have the absolute best logs.

It IS free. It is, so far, the smallest footprint I have found, averaging 2mb of memory usage. It (unlike many other obscure firewalls) handles a good number or protocols. It does have a learning mode (for pop ups), it does, and again, it does during learning mode performs DNS resolution. That is somethign that small firewalls generally don't do. At least many that I have tested. That was a big one for me coming from Outpost.

Now, I am using also DSA as a hips thing. It has a decent little firewall built in that stealths you, but has no interface to it, so you get what it gives you. Pinging WAN does not seem to work. Some apps that use port 53 don't seem to work. WAN VPN seems to not work. So, I am going to do some test on ThreatFire again.

Now for my logs, I am still working that out. I can tell SoftPerfect to log each rule I make, but it is somewhat light on what it gives you.

I am working on an app that will incorporate some of the built in XP net tools and some other freeware ones to let me snoop when I want. There are plenty of them out there, but not one (free) that does all that I want.

Give Jetico a try if you want those logs that bad. Give SoftPerfect a try if you want a good light weight one.

Good luck.

Sul.

 

Sygate had some very excellent logging, in fact I think you could actually turn on logging at the packet level if you needed it. It was very comprehensive. Of course it's no longer supported now, but many people still like and use it.

 

I was about to propose the same, as I have ditched a firewall and been using the same approach as of late.

On topic, CHX has excellent logs. It will log the last ACK flag. I am not aware of any other firewall that will do this.

 

I have not used just a firewall in age's Tho I remeber zonealarm having nice logging also