Re: [fw-wiz] [OT?] Accounting from PIX Logs

It's been a little while, and I find this interesting as I was using
tcpdump and a custom script the last time I wanted to set up accounting
of this type using a PIX (yes, it was a long time ago). Though I'm
sure there are tools now that will do a lot of this for you.

Brian, is there ever going to be a netflow-export type accounting
built in to PIX/ASA/FWSM, or are we stuck with reading the logged
flows from syslog? Or is there already a better way to do this (I
haven't really touched a PIX since the 6.3 days)?

On 3/28/07, fRANz <andrea.francesconi@xxxxxxxxx> wrote:
> On 3/28/07, Brian Ford (brford) <brford@xxxxxxxxx> wrote:
> > I wouldn't consider this OT at all.
>
> Hi Brian,
>
> thank you for your reply.
>
> > So given that you are considering summarizing data from the PIX logs;
> > what kinds of data are you looking for in this summary?
>
> It isn't a security log analysis.
> At this moment, I think connection traffic (for any single connection
> in connection tracking) is the best information that I've to manage.
>
> > You also said "accounting"; by that did you mean checking to see if you
> > had log data missing or actually looking in the log data for accounting
>
> Accounting by internal IP address, by protocol, etc... (possibly sorted).
> Like a "report" related to time unit...
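
Added example, not part of the original thread or any poster's script: one way to build the per-hour report by internal IP and protocol from the connection teardown messages in syslog. It assumes the 302014 (TCP) and 302016 (UDP) teardown layout and an interface named "inside"; the log lines, addresses and byte counts are constructed.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (documentation addresses, made-up counters).
SAMPLE_LOG = """\
Mar 28 10:00:01 fw %PIX-6-302013: Built outbound TCP connection 101 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.1.1.5/1025 (198.51.100.1/1025)
Mar 28 10:00:09 fw %PIX-6-302014: Teardown TCP connection 101 for outside:192.0.2.10/80 to inside:10.1.1.5/1025 duration 0:00:08 bytes 4200 TCP FINs
Mar 28 10:07:30 fw %PIX-6-302016: Teardown UDP connection 102 for outside:192.0.2.53/53 to inside:10.1.1.5/1026 duration 0:02:01 bytes 310
Mar 28 11:15:44 fw %ASA-6-302014: Teardown TCP connection 103 for outside:192.0.2.10/443 to inside:10.1.1.9/2048 duration 0:10:00 bytes 90000 TCP Reset-I
Mar 28 11:20:00 fw %PIX-6-302014: Teardown TCP connection 104 for dmz:172.16.0.4/25 to outside:192.0.2.77/3000 duration 0:00:02 bytes 800 TCP FINs
"""

# Teardown TCP (302014) / UDP (302016); "bytes" is the total for the connection.
TEARDOWN = re.compile(
    r"^(?P<bucket>\w{3}\s+\d+\s+\d\d):\d\d:\d\d\s.*?"
    r"%(?:PIX|ASA|FWSM)-6-30201[46]: Teardown (?P<proto>TCP|UDP) connection \d+ "
    r"for (?P<if1>[^:\s]+):(?P<ip1>[\d.]+)/\d+ "
    r"to (?P<if2>[^:\s]+):(?P<ip2>[\d.]+)/\d+ "
    r"duration \S+ bytes (?P<bytes>\d+)"
)

def account(lines, inside_if="inside"):
    """Sum bytes per (hour bucket, internal IP, protocol)."""
    totals = defaultdict(int)
    for line in lines:
        m = TEARDOWN.match(line)
        if not m:
            continue  # Built, deny and other messages carry no byte count
        # The internal host is whichever endpoint sits on the inside interface.
        if m["if1"] == inside_if:
            host = m["ip1"]
        elif m["if2"] == inside_if:
            host = m["ip2"]
        else:
            continue  # e.g. dmz <-> outside: not an internal-host flow
        totals[(m["bucket"], host, m["proto"])] += int(m["bytes"])
    return dict(totals)

def report(totals):
    """Rows sorted by byte count, largest first."""
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for (bucket, host, proto), nbytes in report(account(SAMPLE_LOG.splitlines())):
        print(f"{bucket}h  {host:<15} {proto}  {nbytes:>8} bytes")
```

Bytes are credited to the hour in which the connection is torn down, so a long-lived flow shows up only when it closes.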

