Internet Security Professional Reference:How to Build a Firewall


The HTTP Usage Report

The HTTP usage report identifies traffic that has been passed through the http-gw application. The report covers connection requests, denied service requests, and input and output through the proxy. A sample HTTP usage report looks like this:

pc# cat /var/log/messages* | ./http-summ.sh
HTTP service users (total: 130)
Connects      Host/Address
--------      ------------
127           stargazer.unilabs.org/206.116.65.2
2             pc.unilabs.org/206.116.65.3
1             unknown/206.116.65.2
Denied HTTP service users (total: 1)
Connects      Host/Address
--------      ------------
1             stargazer.unilabs.org/206.116.65.2

HTTP service output thruput (total Kbytes: 1)
KBytes        Host/Address
------        ------------
1             stargazer.unilabs.org/206.116.65.2

HTTP service input thruput (total Kbytes: 315)
KBytes        Host/Address
------        ------------
315           stargazer.unilabs.org/206.116.65.2
pc#

A few requests sent out through the firewall can result in a much larger volume of data coming back in. You can see this in the previous listing: 1 KB of data out through the firewall resulted in 315 KB returned from the remote end.

The netacl report

Recall that netacl is a method of allowing access to the services on the firewall itself, such as telnet. This program enables administrators and other users to operate directly on the firewall without the need to be on the console.

The netacl report identifies the connects that have been made to the firewall and on what services, as well as the origin of the requests. A sample execution of the netacl-summ.sh command is shown here:

pc# cat /var/log/messages* | ./netacl-summ.sh
Top 100 network service users (total: 40)
Connects      Host/Address
--------      ------------
19            stargazer.unilabs.org/204.191.3.147
13            stargazer.unilabs.org/206.116.65.2
4             unknown/206.116.65.2
2             unknown/204.191.3.147
2             pc.unilabs.org/206.116.65.3

Top 100 Denied network service users (total: 11)
Connects      Host/Address
--------      ------------
6             pc.unilabs.org/204.191.3.150
2             stargazer.unilabs.org/204.191.3.147
1             stargazer.unilabs.org/206.116.65.2
1             nds.fonorola.net/204.191.124.252
1             mail.fonorola.net/198.53.64.8

Service Requests
Requests      Service
--------      -------
32            ftpd
18            telnetd

In a previous section in this chapter, only the telnet and ftp services were configured to be available through netacl. This setup was chosen so that you, the network administrator, could update files and interact with the firewall from places other than the console. The denied requests result from other hosts attempting to connect to your netacl ports (telnet was on port 2023, and ftp on port 2021).

This report identifies sites that are attempting to log in or ftp directly to the firewall itself, rather than log in to a site behind the firewall.

The Mail Usage Report

Another important piece of information for the administrator is how much mail is flowing through the firewall. Many sites do not allow any traffic other than mail through the firewall; for this reason, knowing the volume of mail traffic helps determine whether the chosen hardware platform is in fact doing the job. The mail usage report generator tells the administrator the number of messages received per user and how many bytes of mail traffic were handled by the firewall.

The following sample execution of the mail report, smap-summ.sh, illustrates this script’s importance:

pc# cat /var/log/messages* | ./smap-summ.sh
Total messages: 10  (22 Kb)

Top 100 mail recipients (in messages)
Messages
 Count      Kb    Address
 -----      --    -------
     2      7.6   skhan@compmore.net
     2      7.6   chrish
     2      2.9   74507.3713@compuserve.com
     1      1.5   chrish@fonorola.net
     1      1.1   chrish@unilabs.org
     1      0.9   denny@nstn.ca
     1      0.9   chrish@nds.fonorola.net

Top 100 mail senders (in messages)
Messages
 Count      Kb    Address
 -----      --    -------
     9      21.4  chrish@unilabs.org
     1      1.1   news@news.compmore.net

Top 100 mail recipients (in kilobytes)
Messages
 Count      Kb    Address
 -----      --    -------
     2      7.6   skhan@compmore.net
     2      7.6   chrish
     2      2.9   74507.3713@compuserve.com
     1      1.5   chrish@fonorola.net
     1      1.1   chrish@unilabs.org
     1      0.9   denny@nstn.ca
     1      0.9   chrish@nds.fonorola.net

Top 100 mail senders (in kilobytes)
Messages
 Count      Kb    Address
 -----      --    -------
     9     21.4   chrish@unilabs.org
     1      1.1   news@news.compmore.net
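The three summary scripts shown in this chapter (http-summ.sh, netacl-summ.sh and smap-summ.sh) all do the same job: read the syslog file, keep the lines written by one proxy daemon, and tally them by host, service or mail address. The script below is an added example written for this page; it is not one of the toolkit's own scripts. The log line layout it parses (a daemon name followed by `key=value` fields such as `host=`, `service=`, `in=`, `out=`, `bytes=`, `from=` and `to=`) is an assumption modelled on syslog output of this kind, and the log lines embedded in it are constructed sample data, not the listings from the book. It also adds one check the netacl report invites: listing the hosts that were only ever denied, since those are the ones reaching the firewall's own service ports rather than a site behind it.

```python
"""Summarize proxy syslog lines the way the *-summ.sh report scripts do."""
import re
from collections import Counter

# Constructed sample syslog lines. The field layout (daemon name, then an
# action word and key=value pairs) is an assumption for this example.
SAMPLE_LOG = """\
Mar  3 10:01:12 pc http-gw[211]: permit host=stargazer.unilabs.org/206.116.65.2 use of gateway
Mar  3 10:01:13 pc http-gw[211]: exit host=stargazer.unilabs.org/206.116.65.2 in=322560 out=1024
Mar  3 10:02:40 pc http-gw[214]: permit host=pc.unilabs.org/206.116.65.3 use of gateway
Mar  3 10:02:41 pc http-gw[214]: exit host=pc.unilabs.org/206.116.65.3 in=2048 out=512
Mar  3 10:05:00 pc http-gw[220]: deny host=stargazer.unilabs.org/206.116.65.2 use of gateway
Mar  3 11:00:01 pc netacl[301]: permit host=stargazer.unilabs.org/204.191.3.147 service=telnetd
Mar  3 11:00:07 pc netacl[302]: permit host=stargazer.unilabs.org/204.191.3.147 service=ftpd
Mar  3 11:04:00 pc netacl[305]: deny host=mail.fonorola.net/198.53.64.8 service=telnetd
Mar  3 11:04:01 pc netacl[306]: deny host=mail.fonorola.net/198.53.64.8 service=ftpd
Mar  3 11:09:30 pc netacl[310]: permit host=pc.unilabs.org/206.116.65.3 service=ftpd
Mar  3 12:00:00 pc smap[401]: host=pc.unilabs.org/206.116.65.3 bytes=7782 from=chrish@unilabs.org to=skhan@compmore.net
Mar  3 12:00:30 pc smap[402]: host=pc.unilabs.org/206.116.65.3 bytes=1126 from=news@news.compmore.net to=chrish@unilabs.org
Mar  3 12:01:00 pc smap[403]: host=pc.unilabs.org/206.116.65.3 bytes=921 from=chrish@unilabs.org to=denny@nstn.ca
"""

# "Mon dd hh:mm:ss hostname daemon[pid]: message"
LINE_RE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+(?P<daemon>[\w-]+)\[\d+\]:\s+(?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(text):
    """Turn each parsable line into a dict: daemon, action, plus key=value fields."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a syslog line we understand; skip it
        msg = m.group("msg")
        first = msg.split(None, 1)[0]
        rec = {"daemon": m.group("daemon"), "action": first if "=" not in first else ""}
        rec.update(KV_RE.findall(msg))
        records.append(rec)
    return records


def tally(records, key, weight=None, **match):
    """Group records whose fields equal `match` by `key`; count them, or with
    `weight` set, sum that byte field and report it in kilobytes."""
    counts = Counter()
    for r in records:
        if all(r.get(f) == v for f, v in match.items()):
            counts[r.get(key, "unknown")] += int(r.get(weight, 0)) / 1024 if weight else 1
    return counts


def http_report(records):
    """Connects, denials and proxied bytes per host, as http-summ.sh lists them."""
    return {
        "connects": tally(records, "host", daemon="http-gw", action="permit"),
        "denied": tally(records, "host", daemon="http-gw", action="deny"),
        "out_kb": tally(records, "host", weight="out", daemon="http-gw", action="exit"),
        "in_kb": tally(records, "host", weight="in", daemon="http-gw", action="exit"),
    }


def netacl_report(records):
    """Connects and denials per host plus requests per service, as netacl-summ.sh does."""
    return {
        "connects": tally(records, "host", daemon="netacl", action="permit"),
        "denied": tally(records, "host", daemon="netacl", action="deny"),
        "services": tally(records, "service", daemon="netacl"),
    }


def mail_report(records):
    """Messages and kilobytes per recipient and per sender, as smap-summ.sh does."""
    smap = [r for r in records if r["daemon"] == "smap"]
    return {
        "recipients": tally(smap, "to"),
        "recipients_kb": tally(smap, "to", weight="bytes"),
        "senders": tally(smap, "from"),
        "senders_kb": tally(smap, "from", weight="bytes"),
    }


def probing_hosts(report):
    """Hosts that appear in the denied table but never in the connects table:
    every attempt they made at the firewall's own service ports was refused,
    so they are the entries worth checking against the netacl rules."""
    return sorted(set(report["denied"]) - set(report["connects"]))


def render(title, counter, unit="Connects", label="Host/Address", kb=False):
    """Format one table in the layout the report scripts print."""
    total = sum(counter.values())
    lines = [f"{title} (total{' Kbytes' if kb else ''}: {round(total)})",
             f"{unit:<14}{label}", f"{'-' * len(unit):<14}{'-' * len(label)}"]
    for key, val in counter.most_common():
        shown = f"{val:.1f}" if kb else str(val)
        lines.append(f"{shown:<14}{key}")
    return "\n".join(lines)


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    h, n, m = http_report(recs), netacl_report(recs), mail_report(recs)
    print(render("HTTP service users", h["connects"]))
    print(render("Denied HTTP service users", h["denied"]))
    print(render("HTTP service input thruput", h["in_kb"], unit="KBytes", kb=True))
    print(render("Denied network service users", n["denied"]))
    print(render("Service Requests", n["services"], unit="Requests", label="Service"))
    print("Hosts only ever denied by netacl:", ", ".join(probing_hosts(n)))
    print(render("Top mail senders (in kilobytes)", m["senders_kb"], unit="Kb", label="Address", kb=True))
```

To run it against a real log instead of the embedded sample, replace `SAMPLE_LOG` with the contents of `/var/log/messages*` and adjust `LINE_RE` and the field names to whatever the installed daemons actually write; the aggregation in `tally` does not change. Note that `tally` counts netacl service requests across both permitted and denied connections, which is why a denied host still adds to the per-service totals.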

