F W L O G S U M     R E P O R T


Dropped and Rejected Entries
Inbound Traffic
Sorted by count
Report generated on: Mon Jul 9 16:25:34 2007
Period for report data: 20 Oct 2001 at 17:21:03 to 26 Nov 2001 at 9:02:26
Period for matched data: 17 Nov 2001 at 14:10:43 to 26 Nov 2001 at 9:01:59

Total entries processed 18995
Entries matched on 310
Inbound traffic 18952
Outbound traffic 8
Control Messages 35
Entries Ignored 8
Alert Entries 2
Attack Types 0
Unique Attack URLs 0
Encrypted/Decrypted Entries 4
Unknown Entries 0

FW1 Host     Source Address                        Destination Address                Service          Count  Rule
FWFOOMAIN01  corelinkmain01.foo.com                apollo.foo.com                     tcp(TACACSplus)  44     4
FWFOOMAIN01  webfoogen1.foo.com                    devel.lab.foo.com                  tcp(38567)       42     4
FWFOOMAIN01  webfoogen1.foo.com                    devel.lab.foo.com                  tcp(38530)       41     4
FWFOOMAIN01  webfoogen1.foo.com                    zeus.lab.foo.com                   tcp(1573)        33     4
FWFOOMAIN01  dhcp-100-101-162-201.dhcp.foo.com     webwebmain01.foo.com               tcp(sunrpc)      30     4
FWFOOMAIN01  fwrtrmain01.foo.com                   ns4.foo.com                        udp(ntp-udp)     15     4
FWFOOMAIN01  dhcp-100-101-162-201.dhcp.foo.com     webwebmain01.foo.com               tcp(nbsession)   13     4
FWFOOMAIN01  webfoogen1.foo.com                    devel.lab.foo.com                  tcp(35338)       9      4
FWFOOMAIN01  fwmain01.foo.com                      dhcp-100-101-167-223.dhcp.foo.com  tcp(1167)        8      4
FWFOOMAIN01  webfoogen1.foo.com                    devel.lab.foo.com                  tcp(54924)       7      4
FWFOOMAIN01  fwrtrmain01.foo.com                   apollo.foo.com                     tcp(TACACSplus)  6      4
FWFOOMAIN01  fwrtrmain01.foo.com                   ns4.foo.com                        udp(ntp-udp)     5      3
FWFOOMAIN01  mlink.foo.co.uk                       ns4.foo.com                        udp(ntp-udp)     4      3
FWFOOMAIN01  gwt.lab.foo.com                       fwfoomain01.foo.com                tcp(telnet)      4      3
FWFOOMAIN01  test.lab.foo.com                      fwfoomain01.foo.com                tcp(smtp)        4      3
FWFOOMAIN01  fwrtrmain01.foo.com                   ns4.foo.com                        udp(ntp-udp)     3      3
FWFOOMAIN01  dhcp-100-101-167-233.dhcp.foo.com     fwmain01.foo.com                   udp(177)         2      4
FWFOOMAIN01  mlink.foo.co.uk                       ns4.foo.com                        udp(ntp-udp)     2      3
FWFOOGW02    mlink.foo.co.uk                       ns4.foo.com                        udp(ntp-udp)     2      3
FWFOOMAIN01  test.lab.foo.com                      fwfoomain01.foo.com                tcp(smtp)        2      3
FWFOOGW02    fwrtrmain01.foo.com                   ns4.foo.com                        udp(ntp-udp)     2      3
FWFOOMAIN01  devel.lab.foo.com                     webfoogen1.foo.com                 tcp(login)       2      4
FWFOOMAIN01  test.lab.foo.com                      fwfoomain01-2                      tcp(smtp)        2      3
FWFOOMAIN01  mlink.foo.co.uk                       ns4.foo.net                        udp(ntp-udp)     2      3
FWFOOMAIN01  ns1.foo.com                           192.1.1.16                         tcp(smtp)        1      4
FWFOOMAIN01  dhcp-100-101-167-233.dhcp.foo.com     fwfoomain01.foo.com                tcp(telnet)      1      3
FWFOOMAIN01  dhcp-100-101-167-223.dhcp.foo.com     fwmain01.foo.com                   tcp(FW1_mgmt)    1      4
FWFOOMAIN01  fwmain01.foo.com                      rtnw.foo.com                       tcp(telnet)      1      4
INTERNETGW   mlink.foo.co.uk                       ns4.foo.com                        udp(ntp-udp)     1      3
FWFOOMAIN01  gwt.lab.foo.com                       corelinkmain01.foo.com             tcp(45)          1      3
FWFOOMAIN01  fwrtrmain01.foo.com                   192.1.1.13                         tcp(telnet)      1      4
FWFOOMAIN01  fwrtrmain01.foo.com                   rtnw.foo.com                       tcp(telnet)      1      4
FWFOOMAIN01  dhcp-100-101-167-233.dhcp.foo.com     fwfoomain01-2                      udp(nbname)      1      4
FWFOOGW02    gwt.lab.foo.com                       fwfoomain01.foo.com                tcp(shell)       1      3
INTERNETGW   test.lab.foo.com                      fwfoomain01.foo.com                tcp(tcpmux)      1      3
INTERNETGW   test.lab.foo.com                      fwfoomain01-2                      tcp(tcpmux)      1      3
FWFOOMAIN01  192.1.28.252                          webfoogen1.foo.com                 tcp(login)       1      4
FWFOOMAIN01  webfoogen1.foo.com                    apollo.foo.com                     tcp(telnet)      1      4
FWFOOMAIN01  gwt.lab.foo.com                       fwfoomain01.foo.com                tcp(telnet)      1      3
FWFOOMAIN01  ns1.foo.com                           192.1.1.23                         tcp(smtp)        1      4
FWFOOGW02    dhcp-100-101-167-233.dhcp.foo.com     fwfoomain01.foo.com                tcp(telnet)      1      3
FWFOOGW02    dhcp-100-101-167-233.dhcp.foo.com.au  fwfoomain01.foo.com.au             tcp(telnet)      1      3
FWFOOMAIN01  gwt.lab.foo.com                       fwfoomain01.foo.com                udp(33442)       1      3
FWFOOMAIN01  fwrtrmain01.foo.com                   ns4.foo.net                        udp(ntp-udp)     1      3
FWFOOMAIN01  webfoogen1.foo.com                    apollo.foo.com                     tcp(login)       1      4
FWFOOMAIN01  corelinkmain01.foo.com                192.1.1.13                         tcp(telnet)      1      4
FWFOOMAIN01  corelinkmain01.foo.com                rtnw.foo.com                       tcp(telnet)      1      4
FWFOOMAIN01  gwt.lab.foo.com                       fwfoomain01.foo.com                udp(33443)       1      3
FWFOOMAIN01  gwt.lab.foo.com                       fwfoomain01.foo.com                udp(33441)       1      3
FWFOOMAIN01  ns1.foo.com                           255.255.255.255                    tcp(smtp)        1      4

Summary Information

Firewall Server: Top 10 of 3
FWhost       Count  Of Total %
FWFOOMAIN01  300    96.77%
FWFOOGW02    7      2.26%
INTERNETGW   3      0.97%

Users/Source Addresses: Top 10 of 14
Source                             Count  Of Total %
webfoogen1.foo.com                 134    43.23%
corelinkmain01.foo.com             46     14.84%
dhcp-100-101-162-201.dhcp.foo.com  43     13.87%
fwrtrmain01.foo.com                34     10.97%
mlink.foo.co.uk                    11     3.55%
gwt.lab.foo.com                    10     3.23%
test.lab.foo.com                   10     3.23%
fwmain01.foo.com                   9      2.90%
dhcp-100-101-167-233.dhcp.foo.com  5      1.61%
ns1.foo.com                        3      0.97%

Users/Destination Addresses: Top 10 of 18
Destination                        Count  Of Total %
devel.lab.foo.com                  99     31.94%
apollo.foo.com                     52     16.77%
webwebmain01.foo.com               43     13.87%
ns4.foo.com                        34     10.97%
zeus.lab.foo.com                   33     10.65%
fwfoomain01.foo.com                18     5.81%
dhcp-100-101-167-223.dhcp.foo.com  8      2.58%
fwfoomain01-2                      4      1.29%
fwmain01.foo.com                   3      0.97%
rtnw.foo.com                       3      0.97%

Service Usage: Top 10 of 22
Service          Count  Of Total %
tcp(TACACSplus)  50     16.13%
tcp(38567)       42     13.55%
tcp(38530)       41     13.23%
udp(ntp-udp)     37     11.94%
tcp(1573)        33     10.65%
tcp(sunrpc)      30     9.68%
tcp(telnet)      14     4.52%
tcp(nbsession)   13     4.19%
tcp(smtp)        11     3.55%
tcp(35338)       9      2.90%

Rule Usage: Top 10 of 2
Rule    Count  Of Total %
Rule 4  265    85.48%
Rule 3  45     14.52%

Network Interface Usage: Top 10 of 6
Networks                        Count  Of Total %
FWFOOMAIN01 hme1 (inbound)      229    73.87%
FWFOOMAIN01 hme0 (inbound)      71     22.90%
FWFOOGW02 hme1 (inbound)        4      1.29%
FWFOOGW02 hme0 (inbound)        3      0.97%
Internet Gateway (inbound)      2      0.65%
Web Services Network (inbound)  1      0.32%

Alert Types: Top 10 of 2
AlertType  Count  Of Total %
log        1      0.32%
mail       1      0.32%

Source Domains: Top 10 of 4
SrcDomain       Count  Of Total %
US Commercial   297    95.81%
United Kingdom  11     3.55%
Australia       1      0.32%
Unresolved      1      0.32%

Destination Domains: Top 10 of 5
DestDomain      Count  Of Total %
US Commercial   297    95.81%
Unresolved      5      1.61%
Unknown         4      1.29%
Network         3      0.97%
Australia       1      0.32%

Daily Usage
Daily      Count  Of Total %
23Nov2001  64     20.65%
22Nov2001  61     19.68%
17Nov2001  60     19.35%
21Nov2001  36     11.61%
20Nov2001  34     10.97%
26Nov2001  18     5.81%
19Nov2001  13     4.19%
25Nov2001  13     4.19%
18Nov2001  11     3.55%

Hourly Periods: Top 10
Time       Count  Of Total %
2PM-3PM    66     21.29%
11AM-12AM  38     12.26%
7PM-8PM    28     9.03%
1PM-2PM    20     6.45%
8AM-9AM    18     5.81%
10AM-11AM  16     5.16%
6AM-7AM    11     3.55%
4AM-5AM    11     3.55%
6PM-7PM    11     3.55%
2AM-3AM    11     3.55%


fwlogsum Version: 5.0.3
Generated: Mon Jul 9 16:25:34 2007