Logging actions on a new 515E

[ryan]

We just bought a new PIX515E for a part of our network. I'm trying to figure out how to log ALL traffic coming and going from EACH IP, we have a few thousand IPs, so that I can run a report at the end of the month and say something like "IP x.x.x.x transferred 2GB of total data (incoming and outgoing)". Can I do this with the PIX515E by logging the actions? Better yet, can I log to an ODBC data source?

Thanks for all the help.
Ryan

 

[ryan]

Any help?

Ryan

 

[yizhar]

HI.

I don't know of a good way to do this with the pix itself.

Another options is to use a monitoring program (sniffer), that will run on a dedicated computer which will be connected with a HUB (not SWITCH) to the pix inside interface, like this:

ISP
ROUTER
PIX OUTSIDE
PIX INSIDE
HUB ------- MONITORING SOFTWARE
MAIN SWITCH
LAN


I am now in the proccess of evaluating such a solution with a monitoring program called COMMVIEW (if I remember correctly). I don't have specific links for now.


Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[tbissett]

You'll need to set up a syslog server. Set your PIX syslog level to level 6 (informational) and then look for syslog message ID 302014 (for TCP) and 302016 (for UDP). These two messages contain the byte counts for a connection.

...Or you could buy a product like WebSense Firewall Suite or OpenSystems Private-I which will also capture this info.