Thanks. I've started in the PIX syslog direction.
Does anybody know of a Perl script for extracting traffic data from the PIX syslog?
How do people who have a PIX get statistics from it?
Another problem is that the PIX syslog is too big: > 0.5 Gb/day

Jeff Kell wrote:
> Wixted, Joe wrote:
>
>>I don't think the PIX IOS does netflow, so you'd have to pull that off
>>the router. (But I've been known to be wrong before...)
>
> You are correct. As to the original question:
>
>>How can I get traffic statistics including NAT from Cisco PIX?
>
> I don't know of an ntop answer, but...
>
> The only reliable way is from the PIX syslog data. You can fairly
> easily extract the pieces, but you have to put them back together.
> For individual flows, you can get a quick summary by looking for
> connection teardown messages, e.g.:
>
>>May 13 15:45:47 utc-pix May 13 2005 15:45:47: %PIX-6-302016: Teardown
>>UDP connection 160217517 for outside:a.b.c.d/49840 to
>>inside:e.f.g.h/53 duration 0:00:01 bytes 157
>
> This gives you real endpoints from the inside/outside perspective, and
> the number of bytes transferred [sorry, no inbound/outbound breakdown].
> If you throw in NAT, you'll also have to capture the setup messages:
>
>>May 13 15:45:47 utc-pix May 13 2005 15:45:47: %PIX-6-302015: Built
>>outbound UDP connection 160217519 for outside:ao.bo.co.do/53
>>(ai.bi.ci.di) to inside:ei.fi.gi.hi/32768 (eo.fo.go.ho/32768)
>
> This gives you the NAT inside(i) and outside(o) translations in effect.
>
> Jeff
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop

-- 
Sergey Smirnov
UNIX System Administrator of System Department
Transas Group
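Added example, not part of the original thread and not written by either poster: a streaming Python parser that joins the Built (302015) and Teardown (302016) messages quoted above by connection number, so each finished flow carries its byte count and the NAT translations. It goes beyond the thread by also accepting the TCP equivalents (302013/302014); the sample lines, the function names and the `max_pending` limit are assumptions made for the example.

```python
import re
from collections import defaultdict

# Built: 302013 (TCP) / 302015 (UDP). Teardown: 302014 (TCP) / 302016 (UDP).
BUILT = re.compile(
    r"%PIX-6-30201[35]: Built (?P<dir>\w+) (?P<proto>TCP|UDP) connection (?P<id>\d+) "
    r"for (?P<a>\S+) \((?P<a_nat>[^)]*)\) to (?P<b>\S+) \((?P<b_nat>[^)]*)\)")
TEARDOWN = re.compile(
    r"%PIX-6-30201[46]: Teardown (?P<proto>TCP|UDP) connection (?P<id>\d+) "
    r"for (?P<a>\S+) to (?P<b>\S+) duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)")

# Constructed sample lines (documentation addresses), not taken from a real log.
P = "May 13 15:45:47 utc-pix May 13 2005 15:45:47: %PIX-6-"
SAMPLE = [
    P + "302015: Built outbound UDP connection 1001 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:10.0.0.5/32768 (192.0.2.10/32768)",
    P + "302016: Teardown UDP connection 1001 for outside:198.51.100.53/53 to inside:10.0.0.5/32768 duration 0:00:01 bytes 157",
    P + "302014: Teardown TCP connection 999 for outside:198.51.100.80/80 to inside:10.0.0.5/1025 duration 0:01:10 bytes 4096 TCP FINs",
]

def flows(lines, max_pending=500_000):
    """Yield one dict per torn-down connection, joined with its Built record."""
    pending = {}  # connection id -> (direction, NAT of first endpoint, NAT of second)
    for line in lines:  # any iterable of lines, e.g. an open file, read once
        if "%PIX-6-30201" not in line:  # cheap pre-filter for very large logs
            continue
        m = BUILT.search(line)
        if m:
            if len(pending) >= max_pending:  # bound memory: evict the oldest entry
                pending.pop(next(iter(pending)))
            pending[m["id"]] = (m["dir"], m["a_nat"], m["b_nat"])
            continue
        m = TEARDOWN.search(line)
        if m:  # a Teardown whose Built line was never seen gets None for NAT fields
            direction, a_nat, b_nat = pending.pop(m["id"], (None, None, None))
            h, mi, s = map(int, m["dur"].split(":"))
            yield {"id": int(m["id"]), "proto": m["proto"], "direction": direction,
                   "a": m["a"], "a_nat": a_nat, "b": m["b"], "b_nat": b_nat,
                   "seconds": h * 3600 + mi * 60 + s, "bytes": int(m["bytes"])}

def bytes_by_endpoint(lines):
    """Total bytes per second endpoint (the inside host in the thread's samples)."""
    totals = defaultdict(int)
    for f in flows(lines):
        totals[f["b"].rsplit("/", 1)[0]] += f["bytes"]  # strip the port
    return dict(totals)

if __name__ == "__main__":
    for f in flows(SAMPLE):
        print(f)
    print(bytes_by_endpoint(SAMPLE))
```

Because `flows` is a generator that reads its input once and keeps only open connections in memory, a log of the size mentioned in the message can be processed by passing the open file object directly.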
