Date: Tue Oct 05 2004 - 07:18:59 CEST
Has anyone worked patterns for the PIX "notice" level logs (logging trap notice), which appear as:
Oct 4 22:45:11 pix %PIX-5-304001: 192.168.1.16 Accessed URL 18.104.22.168:/livetri.zip
These entries show the sites being visited by hosts inside. These are much more important with the number of trojans, etc. creeping inside the firewalls. The Analog summary report should show the target IP and the count while the detail could include the full URLs of the top 10 IPs.
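One way to produce the summary and detail described in the message above, as an added example that is not part of the original post and is a standalone script rather than an Analog configuration. The sample lines are constructed (documentation-range addresses), and the names `summarize`, `URL_LOG` and `SAMPLE_LOG` are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format quoted in the post (addresses are made up).
SAMPLE_LOG = """\
Oct 4 22:45:11 pix %PIX-5-304001: 192.168.1.16 Accessed URL 203.0.113.10:/livetri.zip
Oct 4 22:45:13 pix %PIX-5-304001: 192.168.1.16 Accessed URL 203.0.113.10:/update.exe
Oct 4 22:46:02 pix %PIX-5-304001: 192.168.1.20 Accessed URL 198.51.100.7:/index.html
Oct 4 22:46:05 pix %PIX-6-302013: Built outbound TCP connection 1234 for outside:198.51.100.7/80
Oct 4 22:47:40 pix %PIX-5-304001: 192.168.1.21 Accessed URL 203.0.113.10:/livetri.zip
"""

# <timestamp> <host> %PIX-5-304001: <inside host> Accessed URL <target>:<path>
URL_LOG = re.compile(
    r"%PIX-5-304001:\s+(?P<src>\S+)\s+Accessed URL\s+"
    r"(?P<dst>[^:\s]+):(?P<path>\S*)"
)

def summarize(lines, top_n=10):
    """Return (summary, detail): hits per target, and URL counts for the top_n targets."""
    hits = Counter()
    urls = defaultdict(Counter)
    for line in lines:
        m = URL_LOG.search(line)
        if not m:
            continue  # other PIX message IDs and malformed lines are skipped
        hits[m["dst"]] += 1
        urls[m["dst"]][m["path"]] += 1
    summary = hits.most_common()  # [(target, count), ...] busiest first
    detail = {ip: urls[ip].most_common() for ip, _ in hits.most_common(top_n)}
    return summary, detail

if __name__ == "__main__":
    summary, detail = summarize(SAMPLE_LOG.splitlines())
    print("Summary: hits per target")
    for ip, count in summary:
        print(f"{count:6d}  {ip}")
    print("Detail: URLs for the top targets")
    for ip, paths in detail.items():
        for path, count in paths:
            print(f"{count:6d}  {ip}{path}")
```
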