I have a CheckPoint account log as follows.
time="19Sep2005 19:52:13" action="accept" orig="winner-w2k1"
i/f_dir="inbound" i/f_name="E10005" has_accounting="1" product="VPN-1
& FireWall-1" __policy_id_tag="product=VPN-1 &
FireWall-1[db_tag={DE3886FA-2DB5-40D3-951B-8D0CF9E50A05};mgmt=winner-w2k1;date=1126956602;policy_name=Standard]"
src="192.168.111.175" s_port="47064" dst="192.168.118.165"
service="ftp" proto="tcp" rule="1" start_time="19Sep2005 19:59:36"
segment_time="19Sep2005 19:59:36" elapsed="0:00:02" packets="2767"
bytes="2726702" client_inbound_packets="1832"
client_outbound_packets="935" server_inbound_packets="0"
server_outbound_packets="0" client_inbound_bytes="2689294"
client_outbound_bytes="37408" server_inbound_bytes="0"
server_outbound_bytes="0" client_inbound_interface="E10005"
client_outbound_interface="E10005" __pos="2" __nsons="0" __p_dport="ftp"
It says source, destination and bytes. From the above fields, I want to
identify how much is coming into the LAN and how much is going out of my
firewall. What is the significance of client_inbound_bytes,
client_outbound_bytes, server_inbound_bytes and server_outbound_bytes?
Thanks for your help.
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Tue Sep 20 2005 - 06:32:04 PDT
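
Added example, not part of the original post: a small parser for the key="value" record quoted above that undoes the mail line wraps, pulls out the four per-direction counters, and checks whether they add up to the record's own packets and bytes totals. It assumes nothing about the vendor's definition of the fields; the function names are made up for this example.

```python
import re

# Record from the post above, kept exactly as the mail client wrapped it.
SAMPLE = """time="19Sep2005 19:52:13" action="accept" orig="winner-w2k1"
i/f_dir="inbound" i/f_name="E10005" has_accounting="1" product="VPN-1
& FireWall-1" __policy_id_tag="product=VPN-1 &
FireWall-1[db_tag={DE3886FA-2DB5-40D3-951B-8D0CF9E50A05};mgmt=winner-w2k1;date=1126956602;policy_name=Standard]"
src="192.168.111.175" s_port="47064" dst="192.168.118.165"
service="ftp" proto="tcp" rule="1" start_time="19Sep2005 19:59:36"
segment_time="19Sep2005 19:59:36" elapsed="0:00:02" packets="2767"
bytes="2726702" client_inbound_packets="1832"
client_outbound_packets="935" server_inbound_packets="0"
server_outbound_packets="0" client_inbound_bytes="2689294"
client_outbound_bytes="37408" server_inbound_bytes="0"
server_outbound_bytes="0" client_inbound_interface="E10005"
client_outbound_interface="E10005" __pos="2" __nsons="0" __p_dport="ftp"
"""

# A key is any run without whitespace, '=' or '"'; a value is everything up to the next '"'.
PAIR = re.compile(r'([^\s="]+)="([^"]*)"')
DIRECTIONS = ("client_inbound", "client_outbound",
              "server_inbound", "server_outbound")

def parse_record(text):
    """Split one key="value" record into a dict, undoing mail line wraps."""
    flat = " ".join(text.split())
    return dict(PAIR.findall(flat))

def direction_counters(rec):
    """Return {direction: (packets, bytes)} as integers; missing fields count as 0."""
    return {d: (int(rec.get(d + "_packets", 0)), int(rec.get(d + "_bytes", 0)))
            for d in DIRECTIONS}

def totals_consistent(rec):
    """Check whether the per-direction counters sum to the packets and bytes fields."""
    c = direction_counters(rec)
    return (sum(p for p, _ in c.values()) == int(rec["packets"]),
            sum(b for _, b in c.values()) == int(rec["bytes"]))

if __name__ == "__main__":
    rec = parse_record(SAMPLE)
    print(rec["src"], "->", rec["dst"], rec["service"])
    for name, (pkts, nbytes) in direction_counters(rec).items():
        print(f"{name:16} packets={pkts:>6} bytes={nbytes:>8}")
    print("packets/bytes totals consistent:", totals_consistent(rec))
```

For this record the client_inbound and client_outbound counters account for the whole of packets and bytes, and both server counters are zero.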