Wixted, Joe wrote:
> I don't think the PIX IOS does netflow, so you'd have to pull that off
> the router.  (But I've been known to be wrong before...)

You are correct.  As to the original question:

> How can I get traffic statistics including NAT from Cisco PIX?

I don't know of an ntop answer, but...

The only reliable way is from the PIX syslog data.  You can fairly
easily extract the pieces, but you have to put them back together.
For individual flows, you can get a quick summary by looking for
connection teardown messages, e.g.:

> May 13 15:45:47 utc-pix May 13 2005 15:45:47: %PIX-6-302016: Teardown
> UDP connection 160217517 for outside:a.b.c.d/49840 to
> inside:e.f.g.h/53 duration 0:00:01 bytes 157

This gives you real endpoints from the inside/outside perspective, and
the number of bytes transferred [sorry, no inbound/outbound breakdown].
If you throw in NAT, you'll also have to capture the setup messages:

> May 13 15:45:47 utc-pix May 13 2005 15:45:47: %PIX-6-302015: Built
> outbound UDP connection 160217519 for outside:ao.bo.co.do/53
> (ai.bi.ci.di) to inside:ei.fi.gi.hi/32768 (eo.fo.go.ho/32768)

This gives you the NAT inside(i) and outside(o) translations in effect.

Jeff

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
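
The "put them back together" step described in the message above, as an added example that is not part of the original post: each Teardown line is joined to its Built line on the connection id so the byte count picks up the NAT translation. The sample log lines, addresses, connection ids and function names are constructed for illustration, and the regexes assume the endpoint ordering shown in the quoted messages.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted above (documentation and
# private address ranges, made-up connection ids); not real traffic.
SAMPLE_LOG = """\
May 13 15:45:47 utc-pix May 13 2005 15:45:47: %PIX-6-302015: Built outbound UDP connection 1001 for outside:198.51.100.53/53 (198.51.100.53) to inside:10.1.1.20/32768 (192.0.2.10/32768)
May 13 15:45:48 utc-pix May 13 2005 15:45:48: %PIX-6-302016: Teardown UDP connection 1001 for outside:198.51.100.53/53 to inside:10.1.1.20/32768 duration 0:00:01 bytes 157
May 13 15:45:49 utc-pix May 13 2005 15:45:49: %PIX-6-302015: Built outbound UDP connection 1002 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:10.1.1.21/32769 (192.0.2.10/1025)
May 13 15:45:50 utc-pix May 13 2005 15:45:50: %PIX-6-302016: Teardown UDP connection 1002 for outside:198.51.100.53/53 to inside:10.1.1.21/32769 duration 0:00:01 bytes 243
May 13 15:45:51 utc-pix May 13 2005 15:45:51: %PIX-6-302016: Teardown UDP connection 999 for outside:203.0.113.7/49840 to inside:10.1.1.20/53 duration 0:00:01 bytes 80
"""

# Assumption: the second endpoint is the inside host, followed by its
# translated address in parentheses, as in the quoted Built message.
BUILT = re.compile(
    r"Built \w+ \w+ connection (\d+) for \w+:\S+ \(\S+\) "
    r"to \w+:[\d.]+/\d+ \(([\d.]+)(?:/(\d+))?\)")
TEARDOWN = re.compile(
    r"Teardown (\w+) connection (\d+) for (\w+:[\d.]+/\d+) "
    r"to (\w+:[\d.]+/\d+) duration (\d+):(\d+):(\d+) bytes (\d+)")

def join_flows(lines):
    """Attach the NAT translation from each Built line to its Teardown."""
    pending = {}  # connection id -> (translated address, translated port)
    flows = []
    for line in lines:
        if m := BUILT.search(line):
            pending[m.group(1)] = (m.group(2), m.group(3))
        elif m := TEARDOWN.search(line):
            proto, conn, outside, inside, h, mi, s, nbytes = m.groups()
            # Setup may predate the capture: keep the flow, NAT unknown.
            nat_addr, nat_port = pending.pop(conn, (None, None))
            flows.append({
                "conn": conn, "proto": proto, "outside": outside,
                "inside": inside, "nat_addr": nat_addr, "nat_port": nat_port,
                "seconds": int(h) * 3600 + int(mi) * 60 + int(s),
                "bytes": int(nbytes)})
    return flows

def bytes_per_nat_address(flows):
    """Total bytes per translated address (both directions combined)."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["nat_addr"] or "untranslated/unknown"] += f["bytes"]
    return dict(totals)

if __name__ == "__main__":
    print(bytes_per_nat_address(join_flows(SAMPLE_LOG.splitlines())))
```

Flows whose Built line was logged before the capture began still appear in the output, grouped under "untranslated/unknown" rather than being dropped.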
