FWLOGSUM REPORT
Accepted Entries Sorted by destination

Report generated on:            Mon Jul 9 16:25:49 2007
Period for report data:         17 Nov 2001 at 14:10:58 to 26 Nov 2001 at 9:02:26
Period for matched data:        17 Nov 2001 at 14:10:58 to 26 Nov 2001 at 9:02:26
Total entries processed:        18617
Entries matched on:             18617
Inbound traffic:                18616
Outbound traffic:               1
Control Messages:               0
Alert Entries:                  0
Encrypted/Decrypted Entries:    0
Unknown entries                 0
Inbound Traffic:                891 MB
Outbound Traffic:               0 MB
Total traffic (matched):        891 MB
Entries ignored:                0
Attack Types:                   0
Unique Attack URLs:             0

FW-1 HOST    SOURCE ADDRESS                     DESTINATION ADDRESS                SERVICE          COUNT  RULE
-----------------------------------------------------------------------------------------------------------------
FWFOOMAIN01  webfoogen1.foo.com                 134.251.64.243                     tcp(ident)           2    44
FWFOOMAIN01  ns1.foo.com                        192.1.1.20                         tcp(smtp)            1    44
FWFOOMAIN01  ns1.foo.com                        192.1.1.21                         tcp(smtp)            1    44
FWFOOMAIN01  ns1.foo.com                        192.1.1.22                         tcp(smtp)            1    44
FWFOOMAIN01  devel.lab.foo.com                  192.1.1.8                          tcp(telnet)          1    44
FWFOOMAIN01  fwrtrmain01.foo.com                apollo.foo.com                     tcp(TACACSplus)      8    44
FWFOOMAIN01  corelinkmain01.foo.com             apollo.foo.com                     tcp(TACACSplus)     11    44
FWFOOMAIN01  dhcp-100-101-160-062.dhcp.foo.com  corelinkmain01.foo.com             tcp(telnet)          1    41
FWFOOMAIN01  192.1.1.13                         corelinkmain01.foo.com             tcp(telnet)          4    44
FWFOOMAIN01  dhcp-100-101-160-062.dhcp.foo.com  corelinkmain01.foo.com             tcp(telnet)          8    44
FWFOOMAIN01  test.lab.foo.com                   corelinkmain01.foo.com             tcp(telnet)          1    44
FWFOOMAIN01  fwmain01.foo.com                   dhcp-100-101-167-223.dhcp.foo.com  tcp(X11)             2    44
FWFOOMAIN01  fwfoomain01.foo.com                dhcp-100-101-167-233.dhcp.foo.com  tcp(1487)            1    41
FWFOOMAIN01  dhcp-100-101-166-059.dhcp.foo.com  fwfoomain01-2                      tcp(telnet)          2    44
FWFOOMAIN01  dhcp-100-101-166-057.dhcp.foo.com  fwfoomain01-2                      tcp(telnet)          1    44
INTERNETGW   test.lab.foo.com                   fwfoomain01-2                      tcp(smtp)            1    44
FWFOOMAIN01  test.lab.foo.com                   fwfoomain01-2                      tcp(smtp)            1    44
FWFOOMAIN01  dhcp-100-101-167-233.dhcp.foo.com  fwfoomain01.foo.com                tcp(telnet)          3    41
FWFOOMAIN01  devel.lab.foo.com                  fwfoomain01.foo.com                tcp(ftp)             2    44
FWFOOMAIN01  ns1.foo.com                        fwfoomain01.foo.com                tcp(smtp)            1    44
FWFOOMAIN01  dhcp-100-101-167-233.dhcp.foo.com  fwfoomain01.foo.com                tcp(telnet)          8    44
FWFOOMAIN01  devel.lab.foo.com                  fwfoomain01.foo.com                tcp(telnet)          1    44
FWFOOMAIN01  test.lab.foo.com                   fwfoomain01.foo.com                tcp(smtp)            1    44
FWFOOMAIN01  dhcp-100-101-167-233.dhcp.foo.com  fwfoomain01.foo.com                tcp(telnet)          1    40
FWFOOMAIN01  dhcp-100-101-167-223.dhcp.foo.com  fwmain01.foo.com                   tcp(http)            8    40
FWFOOMAIN01  ns1.foo.com                        fwmain01.foo.com                   tcp(smtp)            1    44
FWFOOMAIN01  gwt.lab.foo.com                    fwmain01.foo.com                   tcp(telnet)          1    44
FWFOOMAIN01  dhcp-100-101-167-223.dhcp.foo.com  fwmain01.foo.com                   tcp(http)           23    44
FWFOOMAIN01  ns1.foo.com                        fwrtrmain01.foo.com                tcp(smtp)            1    44
FWFOOMAIN01  webfoogen1.foo.com                 hermes.foo.com                     tcp(smtp)            2    44
FWFOOMAIN01  fwrtrmain01.foo.com                ns4.foo.com                        udp(ntp-udp)      9132    76
FWFOOMAIN01  corelinkmain01.foo.com             ns4.foo.com                        udp(ntp-udp)      9181    76
FWFOOMAIN01  mlink.foo.co.uk                    ns4.foo.com                        udp(ntp-udp)         2    76
FWFOOMAIN01  mlink.foo.co.uk                    ns4.foo.net                        udp(ntp-udp)         3    76
FWFOOMAIN01  fwrtrmain01.foo.com                ns4.foo.net                        udp(ntp-udp)         4    76
FWFOOGW02    corelinkmain01.foo.com.au          ns4.foo.net.au                     udp(ntp-udp)         1    76
FWFOOMAIN01  fwrtrmain01.foo.com                ns4.foo.net.nz                     udp(ntp-udp)         3    76
FWFOOGW02    corelinkmain01.foo.com             ns4.foo.net.nz                     udp(ntp-udp)         1    76
FWFOOMAIN01  mlink.foo.co.uk                    ns4.foo.net.nz                     udp(ntp-udp)         1    76
FWFOOGW02    fwrtrmain01.foo.com                ns4.foo.net.nz                     udp(ntp-udp)         1    76
FWFOOMAIN01  corelinkmain01.foo.com             ns4.foo.net.nz                     udp(ntp-udp)         3    76
FWFOOMAIN01  fwrtrmain01.foo.com.au             ns4.foo.net.nz.au                  udp(ntp-udp)         1    76
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)       1   256
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)       4   251
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)       1   252
FWFOOMAIN01  fwrtrmain01.foo.com                rtnw.foo.com                       udp(snmp-trap)       1   248
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)       1   247
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)       3   250
FWFOOMAIN01  fwrtrmain01.foo.com                rtnw.foo.com                       udp(snmp-trap)       1   251
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)       1   249
FWFOOMAIN01  fwrtrmain01.foo.com                rtnw.foo.com                       udp(snmp-trap)       1   250
FWFOOMAIN01  corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)       1   253
FWFOOMAIN01  fwrtrmain01.foo.com                rtnw.foo.com                       udp(snmp-trap)       2   253
FWFOOMAIN01  zeus.lab.foo.com                   webfoogen1.foo.com                 tcp(telnet)          1    41
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(telnet)          9    44
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(telnet)          2    42
FWFOOMAIN01  zeus.lab.foo.com                   webfoogen1.foo.com                 tcp(telnet)          1    44
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(telnet)         99    40
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(pop-3)           1    44
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(ftp)             8    44
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(ftp)             1    46
FWFOOMAIN01  134.251.64.243                     webfoogen1.foo.com                 tcp(smtp)            2    44
FWFOOMAIN01  zeus.lab.foo.com                   webfoogen1.foo.com                 tcp(telnet)         33    40
FWFOOMAIN01  devel.lab.foo.com                  webfoogen1.foo.com                 tcp(telnet)          5    41
FWFOOMAIN01  dhcp-100-101-162-201.dhcp.foo.com  webwebmain01.foo.com               tcp(ftp)             3    44
FWFOOMAIN01  ns1.foo.com                        webwebmain01.foo.com               tcp(smtp)            1    44
FWFOOMAIN01  webfoogen1.foo.com                 zeus.lab.foo.com                   tcp(X11)             1    44

SUMMARY INFORMATION

Firewall Server: Top 10 of 3
=======================================================
FWFOOMAIN01                           18613   99.98%
FWFOOGW02                                 3    0.02%
INTERNETGW                                1    0.01%

Firewall Server: Top 10 of 3
=======================================================
FWFOOMAIN01                             891   99.98%
FWFOOGW02                                 0    0.01%
INTERNETGW                                0    0.01%

Users/Source Addresses: Top 10 of 21
=======================================================
corelinkmain01.foo.com                 9208   49.46%
fwrtrmain01.foo.com                    9153   49.16%
devel.lab.foo.com                       129    0.69%
zeus.lab.foo.com                         35    0.19%
dhcp-100-101-167-223.dhcp.foo.com        31    0.17%
dhcp-100-101-167-233.dhcp.foo.com        12    0.06%
dhcp-100-101-160-062.dhcp.foo.com         9    0.05%
ns1.foo.com                               7    0.04%
mlink.foo.co.uk                           6    0.03%
webfoogen1.foo.com                        5    0.03%

Users/Source Bandwidth: Top 10 of 21
=======================================================
corelinkmain01.foo.com                  441   49.54%
fwrtrmain01.foo.com                     437   49.01%
devel.lab.foo.com                         6    0.72%
dhcp-100-101-167-223.dhcp.foo.com         1    0.19%
zeus.lab.foo.com                          1    0.19%
dhcp-100-101-167-233.dhcp.foo.com         0    0.07%
mlink.foo.co.uk                           0    0.04%
dhcp-100-101-160-062.dhcp.foo.com         0    0.04%
ns1.foo.com                               0    0.03%
192.1.1.13                                0    0.03%

Users/Destination Addresses: Top 10 of 23
=======================================================
ns4.foo.com                           18315   98.38%
webfoogen1.foo.com                      162    0.87%
fwmain01.foo.com                         33    0.18%
apollo.foo.com                           19    0.10%
rtnw.foo.com                             17    0.09%
fwfoomain01.foo.com                      17    0.09%
corelinkmain01.foo.com                   14    0.08%
ns4.foo.net.nz                            9    0.05%
ns4.foo.net                               7    0.04%
fwfoomain01-2                             5    0.03%

Users/Destination Bandwidth: Top 10 of 23
=======================================================
ns4.foo.com                             876   98.33%
webfoogen1.foo.com                        8    0.90%
fwmain01.foo.com                          1    0.21%
fwfoomain01.foo.com                       0    0.10%
apollo.foo.com                            0    0.09%
rtnw.foo.com                              0    0.09%
corelinkmain01.foo.com                    0    0.07%
ns4.foo.net.nz                            0    0.05%
ns4.foo.net                               0    0.03%
fwfoomain01-2                             0    0.03%

Service Usage: Top 10 of 11
=======================================================
udp(ntp-udp)                          18333   98.47%
tcp(telnet)                             182    0.98%
tcp(http)                                31    0.17%
tcp(TACACSplus)                          19    0.10%
udp(snmp-trap)                           17    0.09%
tcp(smtp)                                14    0.08%
tcp(ftp)                                 14    0.08%
tcp(X11)                                  3    0.02%
tcp(ident)                                2    0.01%
tcp(1487)                                 1    0.01%

Service Bandwidth: Top 10 of 11
=======================================================
udp(ntp-udp)                            877   98.43%
tcp(telnet)                               8    1.01%
tcp(http)                                 1    0.19%
tcp(TACACSplus)                           0    0.09%
udp(snmp-trap)                            0    0.09%
tcp(smtp)                                 0    0.08%
tcp(ftp)                                  0    0.08%
tcp(X11)                                  0    0.02%
tcp(1487)                                 0    0.01%
tcp(ident)                                0    0.01%

Rule Usage: Top 10 of 14
=======================================================
Rule 76                               18333   98.47%
Rule 40                                 141    0.76%
Rule 44                                 112    0.60%
Rule 41                                  11    0.06%
Rule 251                                  5    0.03%
Rule 250                                  4    0.02%
Rule 253                                  3    0.02%
Rule 42                                   2    0.01%
Rule 252                                  1    0.01%
Rule 248                                  1    0.01%

Rule Usage Bandwidth: Top 10 of 14
=======================================================
Rule 76                                 877   98.43%
Rule 40                                   6    0.76%
Rule 44                                   5    0.62%
Rule 41                                   0    0.07%
Rule 253                                  0    0.03%
Rule 251                                  0    0.02%
Rule 250                                  0    0.02%
Rule 42                                   0    0.02%
Rule 252                                  0    0.01%
Rule 46                                   0    0.01%

Network Interface Usage: Top 10 of 5
=======================================================
FWFOOMAIN01 hme1 (inbound)            18373   98.69%
FWFOOMAIN01 hme0 (inbound)              239    1.28%
FWFOOGW02 hme1 (inbound)                  3    0.02%
Internet Gateway (inbound)                1    0.01%
FWFOOMAIN01 hme0 (outbound)               1    0.01%

Network Interface Bandwidth: Top 10 of 5
=======================================================
FWFOOMAIN01 hme1 (inbound)              879   98.63%
FWFOOMAIN01 hme0 (inbound)               11    1.34%
FWFOOGW02 hme1 (inbound)                  0    0.01%
FWFOOMAIN01 hme0 (outbound)               0    0.01%
Internet Gateway (inbound)                0    0.01%

Source Domains: Top 10 of 4
=======================================================
US Commercial                         18603   99.92%
United Kingdom                            6    0.03%
Unresolved                                6    0.03%
Australia                                 2    0.01%

Source Domains Bandwidth: Top 10 of 4
=======================================================
US Commercial                           890   99.90%
Unresolved                                0    0.05%
United Kingdom                            0    0.04%
Australia                                 0    0.01%

Destination Domains: Top 10 of 6
=======================================================
US Commercial                         18588   99.84%
New Zealand                               9    0.05%
Network                                   7    0.04%
Unresolved                                6    0.03%
Unknown                                   5    0.03%
Australia                                 2    0.01%

Destination Domains Bandwidth: Top 10 of 6
=======================================================
US Commercial                           890   99.85%
New Zealand                               0    0.05%
Network                                   0    0.03%
Unresolved                                0    0.03%
Unknown                                   0    0.03%
Australia                                 0    0.01%

Daily Usage
=======================================================
20Nov2001                              2684   14.42%
21Nov2001                              2661   14.29%
19Nov2001                              2631   14.13%
18Nov2001                              2628   14.12%
22Nov2001                              2588   13.90%
25Nov2001                              1723    9.25%
23Nov2001                              1421    7.63%
17Nov2001                              1069    5.74%
26Nov2001                              1027    5.52%
21Nov98                                  27    0.15%

Daily Bandwidth
=======================================================
20Nov2001                               128   14.47%
21Nov2001                               127   14.29%
19Nov2001                               126   14.22%
18Nov2001                               124   14.01%
22Nov2001                               124   13.98%
25Nov2001                                81    9.17%
23Nov2001                                67    7.58%
17Nov2001                                51    5.77%
26Nov2001                                48    5.49%
20Nov98                                   1    0.18%

Hourly Periods: Top 10
=======================================================
8AM-9AM                                 879    4.72%
11AM-12AM                               805    4.32%
10AM-11AM                               801    4.30%
3PM-4PM                                 801    4.30%
6PM-7PM                                 794    4.26%
10PM-11PM                               794    4.26%
9AM-10AM                                792    4.25%
4PM-5PM                                 790    4.24%
12AM-1PM                                789    4.24%
5PM-6PM                                 787    4.23%

Hourly Bandwidth
=======================================================
8AM-9AM                                  41    4.70%
4PM-5PM                                  39    4.41%
11AM-12AM                                38    4.34%
6PM-7PM                                  38    4.33%
3PM-4PM                                  38    4.29%
10PM-11PM                                38    4.26%
12AM-1PM                                 37    4.24%
0AM-1AM                                  37    4.24%
10AM-11AM                                37    4.22%
5PM-6PM                                  37    4.19%

Produced by fwlogsum Version: 5.0.3
http://www.ginini.com/software/fwlogsum/