FWLOGSUM REPORT
Accepted Entries Sorted by count
Report generated on: Mon Jul 9 16:25:34 2007
Period for report data: 20 Oct 2001 at 17:21:03 to 26 Nov 2001 at 9:02:26
Period for matched data: 17 Nov 2001 at 14:10:58 to 26 Nov 2001 at 9:02:26
| Total entries processed | 18995 |
| Entries matched on | 18650 |
| Inbound traffic | 18952 |
| Outbound traffic | 8 |
| Control Messages | 35 |
| Entries Ignored | 0 |
| Alert Entries | 2 |
| Attack Types | 0 |
| Unique Attack URLs | 0 |
| Encrypted/Decrypted Entries | 4 |
| Unknown Entries | 0 |
| Firewall Server: Top 10 of 3 |
| FWhost | Count | Of Total | % |
| FWFOOMAIN01 | 18646 | 99.98% | |
| FWFOOGW02 | 3 | 0.02% | |
| INTERNETGW | 1 | 0.01% | |
| Users/Source Addresses: Top 10 of 26 |
| Source | Count | Of Total | % |
| corelinkmain01.foo.com | 9210 | 49.38% | |
| fwrtrmain01.foo.com | 9154 | 49.08% | |
| devel.lab.foo.com | 130 | 0.70% | |
| zeus.lab.foo.com | 35 | 0.19% | |
| dhcp-100-101-167-223.dhcp.foo.com | 31 | 0.17% | |
| dhcp-100-101-167-233.dhcp.foo.com | 13 | 0.07% | |
| dhcp-100-101-160-062.dhcp.foo.com | 9 | 0.05% | |
| webwebmain01.foo.com | 7 | 0.04% | |
| dhcp-100-101-162-201.dhcp.foo.com | 7 | 0.04% | |
| ns1.foo.com | 7 | 0.04% | |
| Users/Destination Addresses: Top 10 of 28 |
| Destination | Count | Of Total | % |
| ns4.foo.com | 18315 | 98.20% | |
| webfoogen1.foo.com | 164 | 0.88% | |
| fwmain01.foo.com | 34 | 0.18% | |
| apollo.foo.com | 24 | 0.13% | |
| fwfoomain01.foo.com | 19 | 0.10% | |
| rtnw.foo.com | 17 | 0.09% | |
| corelinkmain01.foo.com | 15 | 0.08% | |
| webwebmain01.foo.com | 12 | 0.06% | |
| ns4.foo.net.nz | 9 | 0.05% | |
| fwfoomain01-2 | 7 | 0.04% | |
| Service Usage: Top 10 of 16 |
| Service | Count | Of Total | % |
| udp(ntp-udp) | 18333 | 98.30% | |
| tcp(telnet) | 182 | 0.98% | |
| tcp(http) | 31 | 0.17% | |
| tcp(TACACSplus) | 19 | 0.10% | |
| udp(snmp-trap) | 17 | 0.09% | |
| tcp(ftp) | 14 | 0.08% | |
| tcp(smtp) | 14 | 0.08% | |
| icmp(8/0) | 14 | 0.08% | |
| icmp(0/0) | 14 | 0.08% | |
| tcp(X11) | 3 | 0.02% | |
| Rule Usage: Top 10 of 3 |
| Rule | Count | Of Total | % |
| Rule 2 | 18372 | 98.51% | |
| Rule 1 | 236 | 1.27% | |
| Rule 3 | 42 | 0.23% | |
| Network Interface Usage: Top 10 of 6 |
| Networks | Count | Of Total | % |
| FWFOOMAIN01 hme1 (inbound) | 18386 | 98.58% | |
| FWFOOMAIN01 hme0 (inbound) | 252 | 1.35% | |
| FWFOOMAIN01 hme0 (outbound) | 6 | 0.03% | |
| FWFOOGW02 hme1 (inbound) | 3 | 0.02% | |
| FWFOOMAIN01 hme1 (outbound) | 2 | 0.01% | |
| Internet Gateway (inbound) | 1 | 0.01% | |
| Alert Types: Top 10 of 2 |
| AlertType | Count | Of Total | % |
| log | 1 | 0.01% | |
| 1 | 0.01% | ||
| Source Domains: Top 10 of 5 |
| SrcDomain | Count | Of Total | % |
| US Commercial | 18632 | 99.90% | |
| Unresolved | 7 | 0.04% | |
| United Kingdom | 6 | 0.03% | |
| Unknown | 3 | 0.02% | |
| Australia | 2 | 0.01% | |
| Destination Domains: Top 10 of 6 |
| DestDomain | Count | Of Total | % |
| US Commercial | 18618 | 99.83% | |
| New Zealand | 9 | 0.05% | |
| Network | 7 | 0.04% | |
| Unknown | 7 | 0.04% | |
| Unresolved | 7 | 0.04% | |
| Australia | 2 | 0.01% | |
| Daily Usage |
| Daily | Count | Of Total | % |
| 20Nov2001 | 2711 | 14.54% | |
| 21Nov2001 | 2689 | 14.42% | |
| 18Nov2001 | 2672 | 14.33% | |
| 19Nov2001 | 2658 | 14.25% | |
| 22Nov2001 | 2617 | 14.03% | |
| 25Nov2001 | 1743 | 9.35% | |
| 23Nov2001 | 1436 | 7.70% | |
| 17Nov2001 | 1084 | 5.81% | |
| 26Nov2001 | 1040 | 5.58% | |
| Hourly Periods: Top 10 |
| Time | Count | Of Total | % |
| 8AM-9AM | 880 | 4.72% | |
| 11AM-12AM | 813 | 4.36% | |
| 3PM-4PM | 807 | 4.33% | |
| 10AM-11AM | 803 | 4.31% | |
| 6PM-7PM | 794 | 4.26% | |
| 9AM-10AM | 794 | 4.26% | |
| 4PM-5PM | 794 | 4.26% | |
| 10PM-11PM | 794 | 4.26% | |
| 12AM-1PM | 789 | 4.23% | |
| 5PM-6PM | 788 | 4.23% | |