I need something to create reports for traffic on my PIX firewall..freeware..I'm a not for profit. I'm logging to a loghost, but I'm not making much progress parsing the logs looking for connections to ports and the like...I'm trying. While we're familiarizing our selves with the traffic we're running it wide open. I've identified my servers and the ports needed for them and created access-lists for them. When I do a sho access-list, I can see the hits incrementing so I know they're working. I also created access lists for a port in general such as FTP or WWW and can see that even though my known servers are collecting occurances (they are first in the access list) the general rule like "FTP or WWW any any" is also getting occurances. My problem is that the sho mechanism of the PIX only tells me that my rule got a hit, but there's no way of finding out exactly who and where this happened. I can't see anything in the logs that makes sense. Even if I were to make it a deny, the only time it will tell you if a rule got hit the log file only tells me that the access-group got hit and won't tell me what rule or port of it go the hit. If the PIX were like the access-lists on the routers where you can log regardless of an permit or a deny it would be step in the right direction. I played with check point a few years ago and if my memory serves me well it seemed to be much more robust in the reporting mechanism than the PIX. Any help would be greatly appreciated. Roy Harrison The Research Libraries Group Mountain View CA - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
