Hi,
The OP is referring to Eventia Analyzer, not Eventia Reporter.
As far as I'm aware the number that you're seeing in the Analyzer
client should be the same as the number of log entries you see in the
Tracker.
This can be verified by creating a custom rule in the Analyzer that
fires an alert when, for example, ICMP hits the firewall.
Then set up some ICMP traffic and start counting...
If there are really "over a million" connections accepted by the fw
then you should be able to find them easily in your MTA logs (sync
with TVO ;))
Kr.
Robby
On 9/28/06, Jean-Paul Baillon <jpbaillon AT netstarnetworks DOT com> wrote:
Eventia Reporter has 2 reports: Standard and Express.
Standard reports are generated from information in log consolidator log
files through the consolidation process.
Express reports are generated from data collected from Check Point
system counters and SmartView Monitor history files.
JP
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Steven
De Pauw
Sent: Thursday, 28 September 2006 6:59 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Eventia analyzer
Hi,
Does Eventia Analyzer use the same logs as you see in the Tracker?
Lately we have been getting critical alerts that IP addresses (always
others) are opening over a million SMTP connections through the
firewall.
If I search in the Tracker I only see a couple of log entries from those
addresses.
Does anyone have more information about this?
Tnx in advance
Steven
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================