F W L O G S U M     R E P O R T


Accepted Entries
Sorted by destination
Report generated on: Mon Jul 9 16:25:47 2007
Period for report data: 17 Nov 2001 at 14:10:58 to 26 Nov 2001 at 9:02:26
Period for matched data: 17 Nov 2001 at 14:10:58 to 26 Nov 2001 at 9:02:26

Total entries processed 18617
Entries matched on 18617
Inbound traffic 18616
Outbound traffic 1
Inbound Traffic 891 MB
Outbound Traffic 0 MB
Total Traffic 891 MB
Control Messages 0
Entries Ignored 0
Alert Entries 0
Attack Types 0
Unique Attack URLs 0
Encrypted/Decrypted Entries 0
Unknown Entries 0

Colour Index
Standard Entries
Highlighted Entries
Alert Entries
Encrypted/Decrypted Entries

FW1 Host     Source Address                     Destination Address                Service          Count  Rule
FWFOOMAIN01  webfoogen1.foo.com                 134.251.64.243                     tcp(ident)       2      44
FWFOOMAIN01  ns1.foo.com                        192.1.1.20                         tcp(smtp)        1      44
FWFOOMAIN01  ns1.foo.com                        192.1.1.21                         tcp(smtp)        1      44
FWFOOMAIN01  ns1.foo.com                        192.1.1.22                         tcp(smtp)        1      44
FWFOOMAIN01  devel.lab.foo.com                  192.1.1.8                          tcp(telnet)      1      44
FWFOOMAIN01  fwrtrmain01.foo.com                apollo.foo.com                     tcp(TACACSplus)  8      44
FWFOOMAIN01  corelinkmain01.foo.com             apollo.foo.com                     tcp(TACACSplus)  11     44
FWFOOMAIN01  dhcp-100-101-160-062.dhcp.foo.com  corelinkmain01.foo.com             tcp(telnet)      1      41
FWFOOMAIN01  192.1.1.13                         corelinkmain01.foo.com             tcp(telnet)      4      44
FWFOOMAIN01  dhcp-100-101-160-062.dhcp.foo.com  corelinkmain01.foo.com             tcp(telnet)      8      44
FWFOOMAIN01  test.lab.foo.com                   corelinkmain01.foo.com             tcp(telnet)      1      44
FWFOOMAIN01  fwmain01.foo.com                   dhcp-100-101-167-223.dhcp.foo.com  tcp(X11)         2      44
FWFOOMAIN01  fwfoomain01.foo.com                dhcp-100-101-167-233.dhcp.foo.com  tcp(1487)        1      41
FWFOOMAIN01  dhcp-100-101-166-059.dhcp.foo.com  fwfoomain01-2                      tcp(telnet)      2      44
FWFOOMAIN01  dhcp-100-101-166-057.dhcp.foo.com  fwfoomain01-2                      tcp(telnet)      1      44
INTERNETGW   test.lab.foo.com                   fwfoomain01-2                      tcp(smtp)        1      44
FWFOOMAIN01  test.lab.foo.com                   fwfoomain01-2                      tcp(smtp)        1      44
FWFOOMAIN01  dhcp-100-101-167-233.dhcp.foo.com  fwfoomain01.foo.com                tcp(telnet)      3      41
FWFOOMAIN01  devel.lab.foo.com                  fwfoomain01.foo.com                tcp(ftp)         2      44
FWFOOMAIN01  ns1.foo.com                        fwfoomain01.foo.com                tcp(smtp)        1      44
FWFOOMAIN01  dhcp-100-101-167-233.dhcp.foo.com  fwfoomain01.foo.com                tcp(telnet)      8      44
FWFOOMAIN01  devel.lab.foo.com                  fwfoomain01.foo.com                tcp(telnet)      1      44
FWFOOMAIN01  test.lab.foo.com                   fwfoomain01.foo.com                tcp(smtp)        1      44
FWFOOMAIN01  dhcp-100-101-167-233.dhcp.foo.com  fwfoomain01.foo.com                tcp(telnet)      1      40
FWFOOMAIN01  dhcp-100-101-167-223.dhcp.foo.com  fwmain01.foo.com                   tcp(http)        8      40
FWFOOMAIN01  ns1.foo.com                        fwmain01.foo.com                   tcp(smtp)        1      44
FWFOOMAIN01  gwt.lab.foo.com                    fwmain01.foo.com                   tcp(telnet)      1      44
FWFOOMAIN01  dhcp-100-101-167-223.dhcp.foo.com  fwmain01.foo.com                   tcp(http)        23     44
FWFOOMAIN01  ns1.foo.com                        fwrtrmain01.foo.com                tcp(smtp)        1      44
FWFOOMAIN01  webfoogen1.foo.com                 hermes.foo.com                     tcp(smtp)        2      44
FWFOOMAIN01  fwrtrmain01.foo.com                ns4.foo.com                        udp(ntp-udp)     9132   76
FWFOOMAIN01  corelinkmain01.foo.com             ns4.foo.com                        udp(ntp-udp)     9181   76
FWFOOMAIN01  mlink.foo.co.uk                    ns4.foo.com                        udp(ntp-udp)     2      76
FWFOOMAIN01  mlink.foo.co.uk                    ns4.foo.net                        udp(ntp-udp)     3      76
FWFOOMAIN01  fwrtrmain01.foo.com                ns4.foo.net                        udp(ntp-udp)     4      76
FWFOOGW02    corelinkmain01.foo.com.au          ns4.foo.net.au                     udp(ntp-udp)     1      76
FWFOOMAIN01  fwrtrmain01.foo.com                ns4.foo.net.nz                     udp(ntp-udp)     3      76
FWFOOGW02    corelinkmain01.foo.com             ns4.foo.net.nz                     udp(ntp-udp)     1      76
FWFOOMAIN01  mlink.foo.co.uk                    ns4.foo.net.nz                     udp(ntp-udp)     1      76
FWFOOGW02    fwrtrmain01.foo.com                ns4.foo.net.nz                     udp(ntp-udp)     1      76
FWFOOMAIN01  corelinkmain01.foo.com             ns4.foo.net.nz                     udp(ntp-udp)     3      76
FWFOOMAIN01  fwrtrmain01.foo.com.au             ns4.foo.net.nz.au                  udp(ntp-udp)     1      76
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)   1      256
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)   4      251
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)   1      252
FWFOOMAIN01  fwrtrmain01.foo.com                rtnw.foo.com                       udp(snmp-trap)   1      248
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)   1      247
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)   3      250
FWFOOMAIN01  fwrtrmain01.foo.com                rtnw.foo.com                       udp(snmp-trap)   1      251
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)   1      249
FWFOOMAIN01  fwrtrmain01.foo.com                rtnw.foo.com                       udp(snmp-trap)   1      250
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)   1      253
FWFOOMAIN01  fwrtrmain01.foo.com                rtnw.foo.com                       udp(snmp-trap)   2      253
FWFOOMAIN01  zeus.lab.foo.com                   webfoogen1.foo.com                 tcp(telnet)      1      41
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(telnet)      9      44
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(telnet)      2      42
FWFOOMAIN01  zeus.lab.foo.com                   webfoogen1.foo.com                 tcp(telnet)      1      44
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(telnet)      99     40
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(pop-3)       1      44
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(ftp)         8      44
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(ftp)         1      46
FWFOOMAIN01  134.251.64.243                     webfoogen1.foo.com                 tcp(smtp)        2      44
FWFOOMAIN01  zeus.lab.foo.com                   webfoogen1.foo.com                 tcp(telnet)      33     40
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(telnet)      5      41
FWFOOMAIN01  dhcp-100-101-162-201.dhcp.foo.com  webwebmain01.foo.com               tcp(ftp)         3      44
FWFOOMAIN01  ns1.foo.com                        webwebmain01.foo.com               tcp(smtp)        1      44
FWFOOMAIN01  webfoogen1.foo.com                 zeus.lab.foo.com                   tcp(X11)         1      44

Summary Information

Firewall Server: Top 10 of 3
FWhost       Count  Of Total %
FWFOOMAIN01  18613  99.98%
FWFOOGW02    3      0.02%
INTERNETGW   1      0.01%

Firewall Server: Top 10 of 3
FWhost       Megabytes           Of Total %
FWFOOMAIN01  891.502809524536    99.98%
FWFOOGW02    0.109573364257812   0.01%
INTERNETGW   0.0630912780761719  0.01%

Users/Source Addresses: Top 10 of 21
Source                             Count  Of Total %
corelinkmain01.foo.com             9208   49.46%
fwrtrmain01.foo.com                9153   49.16%
devel.lab.foo.com                  129    0.69%
zeus.lab.foo.com                   35     0.19%
dhcp-100-101-167-223.dhcp.foo.com  31     0.17%
dhcp-100-101-167-233.dhcp.foo.com  12     0.06%
dhcp-100-101-160-062.dhcp.foo.com  9      0.05%
ns1.foo.com                        7      0.04%
mlink.foo.co.uk                    6      0.03%
webfoogen1.foo.com                 5      0.03%

Users/Source Bandwidth: Top 10 of 21
Source                             Megabytes          Of Total %
corelinkmain01.foo.com             441.768189430237   49.54%
fwrtrmain01.foo.com                437.033809661865   49.01%
devel.lab.foo.com                  6.44823169708252   0.72%
dhcp-100-101-167-223.dhcp.foo.com  1.72531890869141   0.19%
zeus.lab.foo.com                   1.68490982055664   0.19%
dhcp-100-101-167-233.dhcp.foo.com  0.620471000671387  0.07%
mlink.foo.co.uk                    0.39625072479248   0.04%
dhcp-100-101-160-062.dhcp.foo.com  0.323932647705078  0.04%
ns1.foo.com                        0.284030914306641  0.03%
192.1.1.13                         0.266776084899902  0.03%

Users/Destination Addresses: Top 10 of 23
Destination             Count  Of Total %
ns4.foo.com             18315  98.38%
webfoogen1.foo.com      162    0.87%
fwmain01.foo.com        33     0.18%
apollo.foo.com          19     0.10%
rtnw.foo.com            17     0.09%
fwfoomain01.foo.com     17     0.09%
corelinkmain01.foo.com  14     0.08%
ns4.foo.net.nz          9      0.05%
ns4.foo.net             7      0.04%
fwfoomain01-2           5      0.03%

Users/Destination Bandwidth: Top 10 of 23
Destination             Megabytes          Of Total %
ns4.foo.com             876.793042182922   98.33%
webfoogen1.foo.com      8.04525184631348   0.90%
fwmain01.foo.com        1.8585729598999    0.21%
fwfoomain01.foo.com     0.863127708435059  0.10%
apollo.foo.com          0.814339637756348  0.09%
rtnw.foo.com            0.799439430236816  0.09%
corelinkmain01.foo.com  0.63371467590332   0.07%
ns4.foo.net.nz          0.482942581176758  0.05%
ns4.foo.net             0.308485984802246  0.03%
fwfoomain01-2           0.231722831726074  0.03%

Service Usage: Top 10 of 11
Service          Count  Of Total %
udp(ntp-udp)     18333  98.47%
tcp(telnet)      182    0.98%
tcp(http)        31     0.17%
tcp(TACACSplus)  19     0.10%
udp(snmp-trap)   17     0.09%
tcp(smtp)        14     0.08%
tcp(ftp)         14     0.08%
tcp(X11)         3      0.02%
tcp(ident)       2      0.01%
tcp(1487)        1      0.01%

Service Bandwidth: Top 10 of 11
Service          Megabytes           Of Total %
udp(ntp-udp)     877.652563095093    98.43%
tcp(telnet)      8.97683811187744    1.01%
tcp(http)        1.72531890869141    0.19%
tcp(TACACSplus)  0.814339637756348   0.09%
udp(snmp-trap)   0.799439430236816   0.09%
tcp(smtp)        0.683232307434082   0.08%
tcp(ftp)         0.679608345031738   0.08%
tcp(X11)         0.181340217590332   0.02%
tcp(1487)        0.0792713165283203  0.01%
tcp(ident)       0.0634899139404297  0.01%

Rule Usage: Top 10 of 14
Rule      Count  Of Total %
Rule 76   18333  98.47%
Rule 40   141    0.76%
Rule 44   112    0.60%
Rule 41   11     0.06%
Rule 251  5      0.03%
Rule 250  4      0.02%
Rule 253  3      0.02%
Rule 42   2      0.01%
Rule 252  1      0.01%
Rule 248  1      0.01%

Rule Usage Bandwidth: Top 10 of 14
Rule      Megabytes           Of Total %
Rule 76   877.652563095093    98.43%
Rule 40   6.80516147613525    0.76%
Rule 44   5.52293300628662    0.62%
Rule 41   0.664280891418457   0.07%
Rule 253  0.236818313598633   0.03%
Rule 251  0.216240882873535   0.02%
Rule 250  0.169736862182617   0.02%
Rule 42   0.163613319396973   0.02%
Rule 252  0.0740957260131836  0.01%
Rule 46   0.0674829483032227  0.01%

Network Interface Usage: Top 10 of 5
Networks                     Count  Of Total %
FWFOOMAIN01 hme1 (inbound)   18373  98.69%
FWFOOMAIN01 hme0 (inbound)   239    1.28%
FWFOOGW02 hme1 (inbound)     3      0.02%
Internet Gateway (inbound)   1      0.01%
FWFOOMAIN01 hme0 (outbound)  1      0.01%

Network Interface Bandwidth: Top 10 of 5
Networks                     Megabytes           Of Total %
FWFOOMAIN01 hme1 (inbound)   879.482497215271    98.63%
FWFOOMAIN01 hme0 (inbound)   11.9410409927368    1.34%
FWFOOGW02 hme1 (inbound)     0.109573364257812   0.01%
FWFOOMAIN01 hme0 (outbound)  0.0792713165283203  0.01%
Internet Gateway (inbound)   0.0630912780761719  0.01%

Source Domains: Top 10 of 4
SrcDomain       Count  Of Total %
US Commercial   18603  99.92%
United Kingdom  6      0.03%
Unresolved      6      0.03%
Australia       2      0.01%

Source Domains Bandwidth: Top 10 of 4
SrcDomain       Megabytes           Of Total %
US Commercial   890.79549407959     99.90%
Unresolved      0.415637016296387   0.05%
United Kingdom  0.39625072479248    0.04%
Australia       0.0680923461914062  0.01%

Destination Domains: Top 10 of 6
DestDomain     Count  Of Total %
US Commercial  18588  99.84%
New Zealand    9      0.05%
Network        7      0.04%
Unresolved     6      0.03%
Unknown        5      0.03%
Australia      2      0.01%

Destination Domains Bandwidth: Top 10 of 6
DestDomain     Megabytes           Of Total %
US Commercial  890.336283683777    99.85%
New Zealand    0.482942581176758   0.05%
Network        0.308485984802246   0.03%
Unresolved     0.247946739196777   0.03%
Unknown        0.231722831726074   0.03%
Australia      0.0680923461914062  0.01%

Daily Usage
Daily      Count  Of Total %
20Nov2001  2684   14.42%
21Nov2001  2661   14.29%
19Nov2001  2631   14.13%
18Nov2001  2628   14.12%
22Nov2001  2588   13.90%
25Nov2001  1723   9.25%
23Nov2001  1421   7.63%
17Nov2001  1069   5.74%
26Nov2001  1027   5.52%
21Nov98    27     0.15%

Daily Bandwidth
Daily      Megabytes         Of Total %
20Nov2001  128.983428001404  14.47%
21Nov2001  127.453951835632  14.29%
19Nov2001  126.834617614746  14.22%
18Nov2001  124.909473419189  14.01%
22Nov2001  124.696437835693  13.98%
25Nov2001  81.7604141235352  9.17%
23Nov2001  67.5859518051147  7.58%
17Nov2001  51.4089136123657  5.77%
26Nov2001  48.9928131103516  5.49%
20Nov98    1.56777667999268  0.18%

Hourly Periods: Top 10
Time       Count  Of Total %
8AM-9AM    879    4.72%
11AM-12AM  805    4.32%
10AM-11AM  801    4.30%
3PM-4PM    801    4.30%
6PM-7PM    794    4.26%
10PM-11PM  794    4.26%
9AM-10AM   792    4.25%
4PM-5PM    790    4.24%
12AM-1PM   789    4.24%
5PM-6PM    787    4.23%

Hourly Bandwidth
Hourly     Megabytes         Of Total %
8AM-9AM    41.9047269821167  4.70%
4PM-5PM    39.3115634918213  4.41%
11AM-12AM  38.7354640960693  4.34%
6PM-7PM    38.6353969573975  4.33%
3PM-4PM    38.2245969772339  4.29%
10PM-11PM  38.0252876281738  4.26%
12AM-1PM   37.8515892028809  4.24%
0AM-1AM    37.8442811965942  4.24%
10AM-11AM  37.6013460159302  4.22%
5PM-6PM    37.3328294754028  4.19%


fwlogsum Version: 5.0.3
Generated: Mon Jul 9 16:25:47 2007