-----Original Message-----
From: Adams, Gavin
Sent: Tuesday, May 07, 2002 1:03 PM
To: [email protected]
Subject: Re: [FW-1] monitoring via SNMP

Check out fwlogsum. This tool parses the firewall log files (accounting files?) of FW-1 to create reports. This can be used to populate rrdtool databases for trending/reporting. The “art” is maintaining your policy so that changes over time don’t skew the metrics collected.

Fwlogsum - http://fwlogsum.sourceforge.net/
Rrdtool - http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/

The MIBs for FW-1 only provide high-level information such as enforcement point status (installed, uninstalled, etc.), and packet count on Accept, Deny, Drop entries.

Personally, I use both SNMP for monitoring/reporting the interface particulars such as utilization, and fwlogsum for a more granular breakdown of the firewall log files.

HTH,
--- Gavin
-----Original Message-----
From: Glenn Mabbutt [mailto:[email protected]]
Sent: Tuesday, May 07, 2002 11:37 AM
To: [email protected]
Subject: [FW-1] monitoring via SNMP

I've just come across some mention of using SNMP to get log data from FW-1, especially in combination with MRTG. However, I can't seem to find any detailed info on exactly what can be monitored via the MIBs - I've found mention of bits per second by interface, and some mention of being able to pull logged packets.

Specifically I'm interested in the ability to pull bandwidth usage by IP address and/or Checkpoint object/group.

Is it worth considering SNMP-only monitoring vs. analyzing full log files, especially for the above??

Thanks,
Glenn