[BBLISA] Pix Syslog Analyzer
Nathan Faust
nfaust at merchantwarehouse.com
Mon Dec 11 16:44:03 EST 2006
Hi all,

I'm trying to find or build a simple program to run on my Ubuntu Linux
server that takes the syslog files or SNMP info from my Cisco Pix 515e
and gives me a bandwidth utilization of employees and the sites/services
they are using.

The issue is, my company currently has 1 T1, which is being maxed out.
I can see with MRTG (Multi Router Traffic Grapher) that the
internal and external interfaces are being pegged with downloads for
periods of time. I thought maybe it was a DoS attack, but the bandwidth
utilization of the internal and external ports match pretty uniformly.
Now I just need to figure out who's using the bandwidth and why. My
guess is internet radio or other non-work-related websites, but I need to
log it. Another issue is that the Pix syslog doesn't report data size,
which makes it hard to determine network abusers.

I found `fwanalog`, which analyzes the syslog file for `Denied`
connections, but I can't find much help with configuring it to report
`Accepts`.

Thanks for any suggestions you have.
See you soon.
Nathan.
-----------------------
Nathan Faust
Systems Administrator
Merchant Warehouse
Two International Place
Fourth Floor
Boston, MA 02110
Phone: 617.896.5558
Fax: 617.854.8923
http://www.merchantwarehouse.com/
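
An added example, not part of the original post and not fwanalog's code: one way to total bytes per inside host and per remote service from PIX syslog. It assumes the PIX logs at informational level (6), so that the `%PIX-6-302014` (TCP) and `%PIX-6-302016` (UDP) teardown messages of the PIX 6.3/7.x syslog format, which carry a `bytes` field, reach the syslog server. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in PIX 6.3/7.x syslog format (not taken from the post).
SAMPLE_LOG = """\
Dec 11 16:40:01 pix %PIX-6-302013: Built outbound TCP connection 1001 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.1.1.20/3321 (198.51.100.2/3321)
Dec 11 16:41:10 pix %PIX-6-302014: Teardown TCP connection 1001 for outside:192.0.2.10/80 to inside:10.1.1.20/3321 duration 0:01:09 bytes 48211934 TCP FINs
Dec 11 16:41:12 pix %PIX-6-302016: Teardown UDP connection 1002 for outside:192.0.2.53/53 to inside:10.1.1.21/1045 duration 0:02:01 bytes 212
Dec 11 16:41:30 pix %PIX-4-106023: Deny tcp src outside:203.0.113.9/4444 dst inside:10.1.1.20/22 by access-group "outside_in"
Dec 11 16:52:00 pix %PIX-6-302014: Teardown TCP connection 1003 for outside:192.0.2.10/80 to inside:10.1.1.20/3330 duration 0:10:00 bytes 1000000 TCP FINs
Dec 11 16:53:00 pix %PIX-6-302014: Teardown TCP connection 1004 for dmz:172.16.0.5/25 to inside:10.1.1.22/1200 duration 0:00:03 bytes 500 TCP FINs
"""

# Teardown messages 302014 (TCP) and 302016 (UDP) end with the connection's byte count.
TEARDOWN = re.compile(
    r"%PIX-6-3020(?:14|16): Teardown (?:TCP|UDP) connection \d+ "
    r"for (?P<if_a>[^:\s]+):(?P<ip_a>[\d.]+)/(?P<port_a>\d+) "
    r"to (?P<if_b>[^:\s]+):(?P<ip_b>[\d.]+)/(?P<port_b>\d+) "
    r"duration [\d:]+ bytes (?P<bytes>\d+)"
)

def usage_by_host(lines, inside_if="inside"):
    """Return ({inside_ip: bytes}, {(inside_ip, "remote_ip/port"): bytes})."""
    per_host, per_pair = defaultdict(int), defaultdict(int)
    for line in lines:
        m = TEARDOWN.search(line)
        if not m:
            continue  # Built, Deny and other messages carry no byte count
        a = (m["if_a"], m["ip_a"], m["port_a"])
        b = (m["if_b"], m["ip_b"], m["port_b"])
        if (a[0] == inside_if) == (b[0] == inside_if):
            continue  # neither or both endpoints are on the inside interface
        local, remote = (a, b) if a[0] == inside_if else (b, a)
        per_host[local[1]] += int(m["bytes"])
        per_pair[(local[1], f"{remote[1]}/{remote[2]}")] += int(m["bytes"])
    return dict(per_host), dict(per_pair)

def top_talkers(totals, n=10):
    """Sort a {key: bytes} mapping by bytes, largest first."""
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    hosts, pairs = usage_by_host(SAMPLE_LOG.splitlines())
    for ip, total in top_talkers(hosts):
        print(f"{ip:15} {total:>12} bytes")
    for (ip, remote), total in top_talkers(pairs, 5):
        print(f"{ip:15} -> {remote:21} {total:>12} bytes")
```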