Reporting Tools?

[kfriend]

Hello,

I'm wondering if anyone has come across a tool that not only logs events, but also displays the hit-count on the access lists?

The only way I can see now is to print out my current configuration, and login to the pix, and view each line for number of hits and mark on my sheet.

The reason I ask is because I have BIG ACCESS LISTS...really big. And I'd like to keep it managed as good as possible, by removing the ALLOW entries that are not being used.

MCSE/MCDBA
SANS GIAC + SANS FIREWALL

 

[tbissett]

Haven't come across anything that does this. Forgive me if you knew this, but you can clear the hit counter on access-lists. Might make it easier to look for 0's on a daily basis rather than log changes. The command for an access-list named "outbound" would be:
clear access-list outbound counters

Just make sure you put the keyword "counts" at the end!

 

[kfriend]

this is an internal firewall that we use to restrict access to employees. =)
I like the hit counters, because it allows me to see which rules haven't been used since we deployed the pix.

It's about time to scrub the list...right now I have over 1400 lines in my pix config!!!

MCSE/MCDBA
SANS GIAC + SANS FIREWALL