I wrote Perl scripts to extract the information I wanted from my Gauntlet
firewall logs (since TIS didn't bother to provide reporting
capabilities for the kinds of information my upper management really
wanted to see).
I have scripts to provide:
Top 10 Users (by bytes transferred)
Top 10 Sites Visited
Top 10 Sites Visited by the Top 10 Users
Bytes Transferred By Hour
Bytes by Subnet
Bytes by IP
Unserved Ports (number of hits to each unserved port)
And, a special "sting" script that will search a logfile and provide
every resolved site and the time it was accessed for a particular IP
address. This has been useful when the IG's office requests a list of all
sites a particular person (by workstation IP address) has accessed in a
particular period.
Each compiles the data, then generates a tab-delimited text report that is
emailed and can be imported into a spreadsheet.
I'm sure you can modify these to match the log formatting of any
particular brand of firewall. Anyone who wants them, send me a note
at:
[EMAIL PROTECTED]
and I'll send you the tarred/gzipped file.
Regards.
Bill
=============================================================================
Bill Casti, CQA Email: [EMAIL PROTECTED]
Internet Security Manager (Contract) Pager: +1 800 604 6149
Internet and Firewall Systems Work: +1 703 834 8209
Bell Atlantic Federal Integrated Solutions Fax: +1 540 542 2574
=============================================================================
On Tue, 13 Apr 1999, Walter Lecossois wrote:
> Hello,
>
> Does anybody know some good tools to analyse logfiles? In
> particular, we would like to have some statistics on internet usage.
> It should be able to analyse logfiles from Raptor and Checkpoint
> firewalls.
>
> Thanks,
>
> Walter.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
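
Added example, not part of the original message and not the author's Perl scripts: a Python sketch of three of the reports listed above (top users by bytes, bytes by hour, and the per-IP site listing) with tab-delimited output. The log layout, field names and sample lines are constructed assumptions, not Gauntlet's actual format.

```python
import re
from collections import Counter

# Constructed sample in a hypothetical key=value proxy-log layout (not Gauntlet's).
SAMPLE_LOG = """\
Apr 13 09:15:02 fw http-gw[211]: src=10.1.2.15 dst=www.example.com in=48211 out=512
Apr 13 09:47:40 fw http-gw[211]: src=10.1.2.15 dst=ftp.example.org in=900000 out=300
Apr 13 10:02:11 fw http-gw[214]: src=10.1.3.7 dst=www.example.com in=1200 out=410
Apr 13 10:05:59 fw kernel: securityalert: tcp to unserved port 23
Apr 13 10:30:00 fw http-gw[215]: src=10.1.3.7 dst=news.example.net in=75000 out=620
"""

LINE_RE = re.compile(
    r"^(?P<date>\w{3} +\d+) (?P<time>(?P<hour>\d{2}):\d{2}:\d{2}) .*?"
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) in=(?P<inb>\d+) out=(?P<outb>\d+)"
)

def parse(text):
    """Return one dict per transfer record; lines in other formats are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["bytes"] = int(rec.pop("inb")) + int(rec.pop("outb"))
            records.append(rec)
    return records

def top_by_bytes(records, field, n=10):
    """Top-n values of `field` ("src", "dst" or "hour") ranked by total bytes."""
    totals = Counter()
    for rec in records:
        totals[rec[field]] += rec["bytes"]
    return totals.most_common(n)

def sites_for_ip(records, ip):
    """Every destination one source address reached, with the access time."""
    return [(r["date"], r["time"], r["dst"]) for r in records if r["src"] == ip]

def tsv(header, rows):
    """Tab-delimited report text, ready to mail or import into a spreadsheet."""
    return "\n".join("\t".join(map(str, row)) for row in [header, *rows]) + "\n"

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print(tsv(("user_ip", "bytes"), top_by_bytes(recs, "src")))
    print(tsv(("hour", "bytes"), sorted(top_by_bytes(recs, "hour", None))))
    print(tsv(("date", "time", "site"), sites_for_ip(recs, "10.1.2.15")))
```

To adapt it to another firewall's log format, only `LINE_RE` needs to change, provided it still yields the same named groups.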