I'll answer my own e-mail.. WhenI first turned up the firewall I didn't have much room on my logserver (an experiment at the time) so I turned off logging messages ID's 302001,002,005,006 and 010. That's where the information is that I wanted.. now I'm having FUN with my log...files. If there is a program that's out there I'd still be interested, but I'm really getting what I need from some grep's,sed's and cut. Peace Roy At 10:59 AM 6/7/2001, you wrote: >I need something to create reports for traffic on my PIX >firewall..freeware..I'm a not for profit. > >I'm logging to a loghost, but I'm not making much progress parsing the >logs looking for connections to ports and the like...I'm trying. > >While we're familiarizing our selves with the traffic we're running it >wide open. I've identified my servers and the ports needed for them and >created access-lists for them. When I do a sho access-list, I can see the >hits incrementing so I know they're working. I also created access lists >for a port in general such as FTP or WWW and can see that even though my >known servers are collecting occurances (they are first in the access >list) the general rule like "FTP or WWW any any" is also getting >occurances. My problem is that the sho mechanism of the PIX only tells me >that my rule got a hit, but there's no way of finding out exactly who and >where this happened. I can't see anything in the logs that makes sense. >Even if I were to make it a deny, the only time it will tell you if a >rule got hit the log file only tells me that the access-group got hit and >won't tell me what rule or port of it go the hit. If the PIX were like the >access-lists on the routers where you can log regardless of an permit or a >deny it would be step in the right direction. > >I played with check point a few years ago and if my memory serves me well >it seemed to be much more robust in the reporting mechanism than the PIX. > > >Any help would be greatly appreciated. > > >Roy Harrison >The Research Libraries Group >Mountain View CA > >- >[To unsubscribe, send mail to [EMAIL PROTECTED] with >"unsubscribe firewalls" in the body of the message.] ___________________________________ If we don't change our basic perceptions of life, as a species we will perish in servitude to institutional greed. Please read Vote or Die at www.thirdparty.dhs.org "A human being is part of a whole, called by us the "Universe," a part limited in time and space. He experiences himself, his thoughts and feelings, as something separated from the rest -a kind of optical delusion of his consciousness. This delusion is a kind of prison for us, restricting us to our personal desires and to affection for a few persons nearest us. Our task must be to free ourselves from this prison by widening our circles of compassion to embrace all living creatures and the whole of nature in its beauty. " - Albert Einstein (1879-1955) - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
