
Re: [FW-1] monitoring via SNMP


  • To: [email protected]
  • Subject: Re: [FW-1] monitoring via SNMP
  • From: "Adams, Gavin" <[email protected]>
  • Date: Tue, 7 May 2002 17:38:08 -0400
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcH14LDZZ/6xJl/9Thu7/UdEY/zFfgAB4CTQAAm0goA=
  • Thread-topic: Re: [FW-1] monitoring via SNMP


Woops,

Just realized my quick search for fwlogsum turned up the wrong one. Well, not wrong, but not the fwlogsum I’ve come to know and love. Note to self, Google search results should not be blindly copied into a message. Here’s the correct link…

 

Fwlogsum - http://www.ginini.com.au/tools/fw1/

 

Regards,

 

--- Gavin

 

-----Original Message-----
From: Adams, Gavin
Sent: Tuesday, May 07, 2002 1:03 PM
To: [email protected]
Subject: Re: [FW-1] monitoring via SNMP

 

Check out fwlogsum. This tool parses the firewall log files (accounting files?) of FW-1 to create reports. This can be used to populate rrdtool databases for trending/reporting. The “art” is maintaining your policy so that changes over time don’t skew the metrics collected.

 

Fwlogsum - http://fwlogsum.sourceforge.net/

Rrdtool - http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/

 

The MIBs for FW-1 only provide high-level information such as enforcement point status (installed, uninstalled, etc.), and packet count on Accept, Deny, Drop entries.

 

Personally, I use both SNMP for monitoring/reporting the interface particulars such as utilization, and fwlogsum for a more granular breakdown of the firewall log files.

 

HTH,

 

--- Gavin

 

-----Original Message-----
From: Glenn Mabbutt [mailto:[email protected]]
Sent: Tuesday, May 07, 2002 11:37 AM
To: [email protected]
Subject: [FW-1] monitoring via SNMP

 

I've just come across some mention of using SNMP to get log data from FW-1, especially in combination with MRTG.  However, I can't seem to find any detailed info on exactly what can be monitored via the MIBs - I've found mention of bits per second by interface, and some mention of being able to pull logged packets.

Specifically I'm interested in the ability to pull bandwidth usage by IP address and/or Checkpoint object/group.

Is it worth considering SNMP-only monitoring vs. analyzing full log files, especially for the above??

Thanks,

Glenn



 