Available PIX Reports based on PIX Firewall Log Data

MonitorWare Console provides many reports for PIX log analysis. The traffic that passed through the PIX firewall can be reviewed in simple-to-understand reports. Basic reports showing the inbound and outbound data in the PIX firewall logs are included, as well as advanced reports for analyzing unusual activity such as hacking or a virus attack. The following section explains each report:

1. Accessed Web Sites Report

Unusually high website access can be a hint of worm or virus traffic. It therefore makes sense to keep an eye on the website traffic that leaves your network. This report displays the top website targets. It also shows the internal hosts that caused the most website traffic.

"Accessed Web Sites Report" samples are available:
- Exported in html format: Accessed Web Sites sample
- Crystal format as screenshot: 1. Overview 2. Detail View

2. Blocked Ports Activity Report

In a time of script kiddies, hackers and so on, it is essential to have a well-configured firewall. Most attacks are stopped in their first steps by applying port blocking rules. Blocked port events are often an indication that someone (or something) is probing your network. This report may help to detect such attempts. It displays the total number of attempts to connect to a blocked port from a specific IP address, so it is possible to track the person / IP that is trying to attack your system but is unable to do so because of your firewall settings.

"Blocked Ports Activity Report" samples are available:
- Exported in html format: Blocked Ports Activity sample
- Crystal format as screenshot: 1. Overview 2. Detail View

3. Possible Attacks Report

Firewalls like PIX generate some events that act as a signal for a possible attack attempt. This report displays the possible attacks that might have occurred on your network. Besides the count, the report explains each of these events and proposes an action to take as a precautionary measure. By design this report cannot display all possible attacks, but it acts as a fundamental element of the overall security strategy.

"Possible Attacks Report" samples are available:
- Exported in html format: Possible Attacks sample
- Crystal format as screenshot: 1. Overview 2. Detail View

4. Traffic By Hour Report

Traffic analysis is vital for several reasons. One is to find the best time for maintenance. This report displays which hours of the day handled the most and the least traffic. It clearly shows which hours have reduced activity, so that you can schedule website or server maintenance during that time. Another is to detect traffic peaks. With this report you can get an idea of whether you are too close to your capacity limits.

"Traffic By Hour" samples are available:
- Exported in html format: Traffic By Hour sample
- Crystal format as screenshot: 1. Overview 2. Detail View

5. Traffic By Port Report

High traffic on specific ports is often an indication of viruses or worms. For example, unusually intensive activity on port 25 probably means that someone is using your machines for spamming. This report displays the activity on each port along with the number of kilobytes that passed through it. It can give you an idea of whether something is wrong.

"Traffic By Port" samples are available:
- Exported in html format: Traffic By Port sample
- Crystal format as screenshot: 1. Overview 2. Detail View

6. Outbound Traffic By IP

High-speed Internet connections can be very helpful business tools, but there is always a risk of abuse. Some employees may not be following the company's agreed norms. With this report, you can quickly determine the top web surfers and downloaders in your organization based on the kilobytes of data they used. This information can be used to take countermeasures against such people.

"Outbound Traffic By IP" samples are available:
- Exported in html format: Outbound Traffic By IP sample
- Crystal format as screenshot: 1. Overview 2. Detail View

7. Traffic By Target IP

Similar to the "Outbound Traffic By IP" report, this report indicates which target is used the most from your network.

"Traffic By Target IP" samples are available:
- Exported in html format: Outbound Traffic By IP sample
- Crystal format as screenshot: 1. Overview 2. Detail View

8. PIX Summary by Message Type

This report displays the various PIX messages along with their counts. It clearly tells you which events/messages are generated very frequently in your firewall and which occur very seldom.

"PIX Summary by Message Type Report" samples are available:
- Exported in html format: PIX Summary by Message Type sample
- Crystal format as screenshot: 1. Overview 2. Detail View

9. PIX Summary By Severity Level

With this report, you can see at a glance how many of the total messages in the given time range were Alerts, Critical, Errors, Warnings, Notifications or Information Messages. A detailed view of each severity level is available, too. This can help you quickly identify the problematic areas.

"PIX Summary By Severity Level Report" samples are available:
- Exported in html format: PIX Summary by Message Type sample
- Crystal format as screenshot: 1. Overview 2. Detail View

When the grouping is done on the basis of Syslog tag and Messages, the messages are transformed to enable good compression of the messages. The transformation rules are defined in such a way that they remove the non-essential part from the message to improve the compression ratio. Click on the following link to see which Transformation Rules have been applied.

Transformation Rules for PIX Summary By Severity Level

If you can suggest any improvements to the existing Transformation Rules, or if you can provide new Transformation Rules that would further improve the quality of this report, we would be more than happy to accommodate those requests. If you have any suggestions, please send them to support@adiscon.com
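How a severity summary and the message transformation described above can be computed from raw PIX syslog lines, as an added example that is not Adiscon's code. The rules in `RULES`, the function names and the sample log lines are assumptions constructed for illustration; they are not the Transformation Rules MonitorWare Console applies.

```python
import re
from collections import Counter

# Syslog severity digit carried in the %PIX-<level>-<message id> tag.
SEVERITY = {1: "Alert", 2: "Critical", 3: "Error", 4: "Warning",
            5: "Notification", 6: "Informational", 7: "Debugging"}
TAG = re.compile(r"%PIX-(\d)-(\d{6}): (.*)$")

# Assumed transformation rules (illustrative, not Adiscon's): replace the
# parts that differ per event so identical event types collapse together.
RULES = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<ip>"),
    (re.compile(r"<ip>/\d+"), "<ip>/<port>"),
    (re.compile(r"\bconnection \d+\b"), "connection <id>"),
]

def transform(text):
    """Strip the non-essential (variable) parts of a PIX message."""
    for pattern, replacement in RULES:
        text = pattern.sub(replacement, text)
    return text

def summarize(lines):
    """Return (count per severity, count per transformed message, skipped)."""
    by_severity, by_message, skipped = Counter(), Counter(), 0
    for line in lines:
        match = TAG.search(line)
        if match is None:          # e.g. "last message repeated" lines
            skipped += 1
            continue
        level, msg_id, text = int(match[1]), match[2], match[3]
        by_severity[SEVERITY.get(level, f"Level {level}")] += 1
        by_message[(msg_id, transform(text))] += 1
    return by_severity, by_message, skipped

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    'Mar 01 10:00:01 fw1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/4431 dst inside:10.0.0.5/445 by access-group "outside_in"',
    'Mar 01 10:00:02 fw1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/4432 dst inside:10.0.0.6/445 by access-group "outside_in"',
    'Mar 01 10:00:03 fw1 %PIX-2-106001: Inbound TCP connection denied from 198.51.100.7/3321 to 10.0.0.5/23 flags SYN on interface outside',
    'Mar 01 10:00:04 fw1 %PIX-6-302013: Built outbound TCP connection 1201 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:10.0.0.21/1045 (192.0.2.1/1045)',
    'Mar 01 10:00:05 fw1 %PIX-6-302013: Built outbound TCP connection 1202 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:10.0.0.22/1046 (192.0.2.1/1046)',
    'Mar 01 10:00:06 fw1 last message repeated 2 times',
]

if __name__ == "__main__":
    severity, messages, skipped = summarize(SAMPLE)
    for (msg_id, text), count in messages.most_common():
        print(f"{count:3}  {msg_id}  {text}")
    print(dict(severity), "unparsed lines:", skipped)
```

Without the transformation step, the five parsed lines would form five distinct groups; with it they collapse into three, which is what makes a per-message count readable.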

The Product description will show you some more about the general features of MonitorWare Console.


Copyright © 1988-2005 Adiscon GmbH All rights reserved.