Firewall-1

Re: [FW-1] Rulebase Hit Count.

Subject: Re: [FW-1] Rulebase Hit Count.
From: Christian Chiaverini <cchiaver AT CV DOT NET>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 2 Jun 2005 05:20:19 -0400
Sure there is.  In the firewall logs there is a section for rules.  

The first thing is to make sure all rules are set to log (keep in mind you will
increase load on firewalls and logging/management servers).

Then you will have a few options:

1) use SmartReporter (you may not need to turn on logging on all rules for
this one).

2) You can export your log and parse through it, writing your own scripts.

3) There are plenty of parsers freely available:
http://www.loganalysis.org/sections/parsing/application-specific/
One that was simple to set up is
http://www.fellhauer-web.de/projects/fw1-loggrabber.html




Christian Chiaverini

 

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf 
> Of Vijayendra Sharma
> Sent: Thursday, June 02, 2005 4:38 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] Rulebase Hit Count.
> 
> Hi All,
>  
> I want to streamline my rulebase depending upon hit-list, i.e., 
> I plan to move the most used rules towards the top of the rule-base.
>  
> Is there a way I can have counts of hits for each rule in a rule-base?
>  
> Best Regards,
> Vijayendra K. S.
> 
> 
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an 
> email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription 
> options, email fw-1-owner AT ts.checkpoint DOT com 
> =================================================
> 
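
Option 2 in the reply above (export the log and parse it with your own script), sketched as an added example that is not part of the original post or of any Check Point tool. It assumes a semicolon-delimited text export with a header row and columns named `rule` and `orig`; the sample records are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample export: header row plus semicolon-delimited records.
# Column names and values are assumptions for illustration only.
SAMPLE_EXPORT = """\
num;date;time;orig;action;src;dst;proto;service;rule
0;2Jun2005;04:00:01;fw-a;accept;10.0.0.5;192.0.2.10;tcp;80;7
1;2Jun2005;04:00:02;fw-a;accept;10.0.0.6;192.0.2.10;tcp;80;7
2;2Jun2005;04:00:03;fw-a;drop;198.51.100.9;192.0.2.10;tcp;23;12
3;2Jun2005;04:00:04;fw-a;ctl;;;;;
4;2Jun2005;04:00:05;fw-a;accept;10.0.0.5;192.0.2.25;tcp;25;3
5;2Jun2005;04:00:06;fw-a;accept;10.0.0.7;192.0.2.10;tcp;80;7
6;2Jun2005;04:00:07;fw-b;accept;10.0.0.8;192.0.2.10;tcp;80;7
"""


def count_rule_hits(stream, delimiter=";", rule_field="rule", gateway=None):
    """Return (Counter of rule number -> hits, records skipped).

    Records whose rule field is empty or non-numeric (control messages,
    implied rules) are skipped: they do not map to a rulebase line.
    """
    hits, skipped = Counter(), 0
    reader = csv.DictReader(stream, delimiter=delimiter)
    if rule_field not in (reader.fieldnames or []):
        raise ValueError(f"export has no {rule_field!r} column")
    for row in reader:
        # Rule numbers are only comparable within one installed policy,
        # so allow restricting the count to a single gateway.
        if gateway and row.get("orig") != gateway:
            continue
        rule = (row.get(rule_field) or "").strip()
        if rule.isdigit():
            hits[int(rule)] += 1
        else:
            skipped += 1
    return hits, skipped


def report(hits, rule_count):
    """Rank rules 1..rule_count by hits; rules never hit sort last."""
    ranked = sorted(range(1, rule_count + 1), key=lambda r: (-hits[r], r))
    return [(r, hits[r]) for r in ranked]


if __name__ == "__main__":
    hits, skipped = count_rule_hits(io.StringIO(SAMPLE_EXPORT))
    for rule, n in report(hits, rule_count=12):
        print(f"rule {rule:>3}: {n} hits")
```

Rules that show zero hits are only meaningful if logging was enabled on them for the whole sample period, and moving a rule up changes which traffic it matches before the rules it passes.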

