Firewall Wizards mailing list archives

RE: Statistics for Firewalls

From: "Sutantyo, Danny" <DSutantyo () livingstonintl com>
Date: Tue, 10 Sep 2002 11:37:17 -0400

Thanks for all the response, 
It's very useful info for me, and I am also comparing fwlogsum to
www.sawmill.com product, and they are almost similar. Also is any other way
to enable those bandwidth measurement in the log of checkpoint FW instead of
changing from "short" or "long" to "account"? I just don't want to degrade
the firewall performance.

What's the easiest way to get all the log from PIX fw? so I can parse it on
my local machine?

Thanks
DS

-----Original Message-----
From: Volker Tanger [mailto:volker.tanger () discon de]
Sent: Tuesday, September 10, 2002 11:24 AM
To: Sutantyo, Danny
Cc: firewall-wizards () honor icsalabs com; firewall-wizards () nfr com
Subject: Re: [fw-wiz] Statistics for Firewalls


Greetings!

Sutantyo, Danny wrote:

Has anybody done statistics from Cisco PIX firewall or CheckPoint FW-1
firewall?

My boss wants to have a report every week something like a graph that
contains protocol, bandwidth, load, etc...


fwlogsum, for example - or WebTrends. Maybe give Analog with a custom 
logfile format entry a try.

So I know CheckPoint FW-1 has a module but from some people don't

recommend

to use that module because it will increase the load of the production 
FW-1.


Yes - if you want to know the bytes transferred you will need to switch 
from "short" or "long" tracking to "accounting" - which in return will 
increase the load. If your machine is not maxed out already, you should 
try the increased "accounting" logging.

So the only way I can do is to export the log from the GUI to ASCII and do
it in Excel, but the problem is that the log viewer does not tell me the
bandwidth, just the number of event.


Aha - using excel indicates a low traffic site as the excel sheet 
otherwise exceeds bonds way too quickly. For bigger logfile you will 
have to use specialized tools.

Bye

Volker Tanger
IT-Security Consulting

-- 
discon gmbh
Wrangelstraße 100
D-10997 Berlin

fon    +49 30 6104-3307
fax    +49 30 6104-3461

volker.tanger () discon de
http://www.discon.de/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Statistics for Firewalls, (continued)
- - Re: Statistics for Firewalls S. Jonah Pressman (Sep 10)
- RE: Statistics for Firewalls Noonan, Wesley (Sep 10)
  - RE: Statistics for Firewalls Christopher Hicks (Sep 10)
    - RE: Statistics for Firewalls Bill Royds (Sep 10)
    - RE: Statistics for Firewalls Joe Matusiewicz (Sep 11)
    - RE: Statistics for Firewalls John Adams (Sep 11)
    - RE: Statistics for Firewalls Joe Matusiewicz (Sep 11)
    - RE: Statistics for Firewalls John Adams (Sep 11)
    - RE: Statistics for Firewalls Christopher Hicks (Sep 11)
    - Re: Statistics for Firewalls IT - Sven Mueller (Sep 12)
- RE: Statistics for Firewalls Sutantyo, Danny (Sep 10)
  - Re: Statistics for Firewalls Dominik Miklaszewski (Sep 10)
- RE: Statistics for Firewalls Roten, Charles (Sep 11)