Check out fwlogsum. This tool parses the firewall log files (accounting files?) of FW-1 to create reports. This can be used to populate rrdtool databases for trending/reporting. The "art" is maintaining your policy so that changes over time don't skew the metrics collected.
Fwlogsum - http://fwlogsum.sourceforge.net/
Rrdtool - http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/
The MIBs for FW-1 only provide high level information such as enforcement point status (installed, uninstalled, etc), and packet count on Accept, Deny, Drop entries.

Personally, I use both SNMP for monitoring/reporting the interface particulars such as utilization, and fwlogsum for a more granular breakdown of the firewall log files.
HTH,
--- Gavin
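As an added illustration of the log-file approach Gavin describes (per-address accounting from the full log, then pushed into rrdtool), here is a small aggregator, not code from fwlogsum or from the thread. The semicolon-separated field layout and the log lines are constructed for this example; a real FW-1 export has more fields, so the column mapping would need to be adjusted.

```python
"""Constructed example: summarise accepted bytes per source IP from
FW-1-style log export lines into 5-minute buckets, then emit the
`rrdtool update` commands that would feed a per-address RRD.
The field layout below is an assumption, not the real FW-1 export format."""
from collections import defaultdict
from datetime import datetime, timezone

# Assumed column order (constructed): date;time;action;src;dst;service;len
SAMPLE_LOG = """\
7May2002;11:00:05;accept;10.1.1.5;192.0.2.10;http;1500
7May2002;11:02:30;accept;10.1.1.5;192.0.2.10;http;800
7May2002;11:03:10;drop;10.1.1.9;192.0.2.10;telnet;60
7May2002;11:04:59;accept;10.1.1.7;192.0.2.20;smtp;2000
7May2002;11:06:00;accept;10.1.1.5;192.0.2.10;http;300
"""

BUCKET = 300  # seconds; matches a 5-minute rrdtool step


def parse_line(line):
    """Return (epoch, action, src, length) for one line, or None if malformed."""
    fields = line.rstrip("\n").split(";")
    if len(fields) != 7:
        return None
    date, time_, action, src, _dst, _svc, length = fields
    try:
        ts = datetime.strptime(f"{date} {time_}", "%d%b%Y %H:%M:%S")
        epoch = int(ts.replace(tzinfo=timezone.utc).timestamp())
        return epoch, action, src, int(length)
    except ValueError:
        return None


def bytes_per_src(log_text, accepted_only=True):
    """Aggregate bytes keyed by (bucket_start, src). Dropped/denied packets
    are skipped by default so blocked traffic does not inflate the usage figure."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # tolerate junk lines rather than abort the whole run
        epoch, action, src, length = rec
        if accepted_only and action != "accept":
            continue
        totals[(epoch - epoch % BUCKET, src)] += length
    return dict(totals)


def rrd_updates(totals, src, rrd_path):
    """Build one `rrdtool update` command per bucket for a single source IP."""
    return [f"rrdtool update {rrd_path} {t}:{n}"
            for (t, s), n in sorted(totals.items()) if s == src]
```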
-----Original Message-----
From: Glenn Mabbutt [mailto:[email protected]]
Sent: Tuesday, May 07, 2002 11:37 AM
To: [email protected]
Subject: [FW-1] monitoring via SNMP
I've just come across some mention of using SNMP to get log data from FW-1, especially in combination with MRTG. However, I can't seem to find any detailed info on exactly what can be monitored via the MIBs - I've found mention of bits per second by interface, and some mention of being able to pull logged packets.

Specifically I'm interested in the ability to pull bandwidth usage by IP address and/or Checkpoint object/group.

Is it worth considering SNMP-only monitoring vs. analyzing full log files, especially for the above?
Thanks,
Glenn