[fwAnalog] PIX Level 5 (outbound) logs

From: noc~AT~sftnj.com
Date: Tue Oct 05 2004 - 07:18:59 CEST



Has anyone worked out patterns for the PIX "notice" level logs (logging trap notice), which appear as:
Oct 4 22:45:11 pix %PIX-5-304001: 192.168.1.16 Accessed URL 205.161.4.158:/livetri.zip

These entries show the sites being visited by hosts inside. These are much more important with the number of trojans, etc. creeping inside the firewalls. The Analog summary report should show the target IP and the count while the detail could include the full URLs of the top 10 IPs.

-mb
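
The report described in the message above, sketched as an added example; this is not part of the original post and not fwanalog code. It assumes the 304001 message always has the form shown in the quoted log line (inside IP, "Accessed URL", target IP, colon, path); the function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the notice-level URL message quoted in the post:
#   <timestamp> <host> %PIX-5-304001: <inside IP> Accessed URL <target IP>:<path>
PIX_URL = re.compile(
    r"%PIX-5-304001:\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+Accessed URL\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<path>\S*)"
)

def parse_line(line):
    """Return (inside_ip, target_ip, path), or None for any other message."""
    m = PIX_URL.search(line)
    return (m["src"], m["dst"], m["path"]) if m else None

def summarize(lines, top=10):
    """Summary: hit count per target IP. Detail: full URLs for the top targets."""
    hits = Counter()
    urls = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a 304001 entry (other PIX messages, noise)
        _, dst, path = rec
        hits[dst] += 1
        urls[dst][dst + path] += 1
    summary = hits.most_common(top)
    detail = {dst: urls[dst].most_common() for dst, _ in summary}
    return summary, detail

# Constructed sample: the first line is the one quoted in the post, the rest
# are made up (192.0.2.0/24 is a documentation address range).
SAMPLE = [
    "Oct 4 22:45:11 pix %PIX-5-304001: 192.168.1.16 Accessed URL 205.161.4.158:/livetri.zip",
    "Oct 4 22:45:12 pix %PIX-5-304001: 192.168.1.16 Accessed URL 192.0.2.10:/index.html",
    "Oct 4 22:45:13 pix %PIX-5-304001: 192.168.1.20 Accessed URL 192.0.2.10:/index.html",
    "Oct 4 22:45:14 pix %PIX-5-304001: 192.168.1.20 Accessed URL 192.0.2.10:/img/logo.gif",
    "Oct 4 22:45:15 pix %PIX-6-302013: Built outbound TCP connection (constructed, ignored)",
]

if __name__ == "__main__":
    summary, detail = summarize(SAMPLE)
    for dst, count in summary:
        print(f"{count:6d}  {dst}")
        for url, n in detail[dst]:
            print(f"        {n:6d}  {url}")
```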


