Re: [OT?] Accounting from PIX Logs

["Security Guy" <security () sligoinc com>]

It's been a little while, and I find this interesting as I was using
tcpdump and a custom script the last time I wanted to setup accounting
of this type using a PIX (yes, it was a long time ago). Though I'm
sure there are tools now that will do a lot of this for you.

Brian, is there ever going to be a netflow-export type accounting
built-in to PIX/ASA/FWSM, or are we stuck with reading the logged
flows from syslog? Or is there already a better way to do this (I
haven't really touched a PIX since the 6.3 days)

Thanks!

-Karl

On 3/28/07, fRANz <andrea.francesconi () gmail com> wrote:
> On 3/28/07, Brian Ford (brford) <brford () cisco com> wrote:
>
> > Franz,
> >
> > I wouldn't consider this OT at all.
>
> Hi Brian,
>
> thank you for your reply.
>
> > So given that you are considering summarizing data from the PIX logs;
> > what kinds of data are you looking for in this summary?
>
> It isn't a security log analysis.
> At this moment, I think connection traffic (for any single connection
> in connection tracking) is the best information that I've to manage.
>
> > You also said "accounting"; by that did you mean checking to see if you
> > had log data missing or actually looking in the log data for accounting
> > details?
>
> Accounting by internal IP address, by protocol, etc... (possibly sorted).
> Like a "report" related to time unit...
>
> Regards,
> -f
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards