Jan_Scholten
New Member
April 18, 2013
Solved

Top Source/Destination by service

I'm trying to get rid of any-any allow rules (yes, there are some). So I thought about using the FA for this, but I am missing an option for Top Source/Destination by Service (by Volume or Sessions). I only find:

  • Top Services by Volume
  • Top Source Destination Pairs by Volume
  • Top Destination Source Pairs by Volume
  • Top Service by Volume for most Common Sources
  • Top Service by Volume for most Common Destinations

Ideally I'd like to get the currently most used "conversations" between source & dest and the used protocol, to gather whether to create an allow or deny policy. Any hints on how to achieve that with FAZ? FGT is an HA cluster of 110C running 4.2.7; FAZ is a 1000C running 4.2.5.
    Best answer by AtiT

    2 replies

    emnoc
    New Member
    April 18, 2013
    No, but the following would do this with ease: http://www.plixer.com/Scrutinizer-Netflow-Sflow/ and Sflowd
    AtiT (Best answer)
    New Member
    May 12, 2013
    Hi Jan Scholten! Is it something like this you are looking for?

    allowed-source-destination-service by bandwidth:

        SELECT `srcip`, `dstip`, `service`,
               SUM(COALESCE(`sentbyte`,0)+COALESCE(`rcvdbyte`,0)) AS bandwidth
        FROM $log
        WHERE `status`='accept'
        GROUP BY `srcip`, `dstip`, `service`
        ORDER BY bandwidth DESC

    For blocked traffic it is better to check the sessions to see what is mostly denied:

    denied-source-destination-service by session:

        SELECT `srcip`, `dstip`, `service`, COUNT(*) AS totalnum
        FROM $log
        WHERE `status`='deny'
        GROUP BY `srcip`, `dstip`, `service`
        ORDER BY totalnum DESC

    All datasets are for the traffic logtype. The datasets are for version 5.0.2, but it will be the same for older versions - check the fields. Regards,
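An added example (not from the thread or from Fortinet) that runs the two dataset queries above against constructed traffic-log rows in an in-memory SQLite table, so the ranking logic can be checked before it is pasted into a FortiAnalyzer dataset. It assumes `$log` maps to a table named `log` with the same column names; the sample rows, including one with a missing `rcvdbyte` to exercise the COALESCE, are made up.

```python
import sqlite3

# Constructed sample traffic-log rows (not real logs), in FortiGate field order:
# srcip, dstip, service, status, sentbyte, rcvdbyte. None models a missing byte count.
SAMPLE_LOG = [
    ("10.0.0.5", "192.0.2.10", "HTTPS", "accept", 5000, 120000),
    ("10.0.0.5", "192.0.2.10", "HTTPS", "accept", 3000, None),
    ("10.0.0.7", "192.0.2.20", "DNS", "accept", 80, 200),
    ("10.0.0.9", "192.0.2.30", "SMB", "deny", 0, 0),
    ("10.0.0.9", "192.0.2.30", "SMB", "deny", 0, 0),
    ("10.0.0.9", "192.0.2.30", "SMB", "deny", 0, 0),
    ("10.0.0.11", "192.0.2.40", "SSH", "deny", 0, 0),
]

# The thread's queries with $log replaced by the local table name.
ALLOWED_BY_BANDWIDTH = """
SELECT srcip, dstip, service,
       SUM(COALESCE(sentbyte,0)+COALESCE(rcvdbyte,0)) AS bandwidth
FROM log WHERE status='accept'
GROUP BY srcip, dstip, service ORDER BY bandwidth DESC"""

DENIED_BY_SESSION = """
SELECT srcip, dstip, service, COUNT(*) AS totalnum
FROM log WHERE status='deny'
GROUP BY srcip, dstip, service ORDER BY totalnum DESC"""


def load_log(rows):
    """Create an in-memory table shaped like the traffic log and fill it."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE log (srcip TEXT, dstip TEXT, service TEXT,"
                 " status TEXT, sentbyte INTEGER, rcvdbyte INTEGER)")
    conn.executemany("INSERT INTO log VALUES (?,?,?,?,?,?)", rows)
    return conn


def top_conversations(rows, query, limit=10):
    """Return (srcip, dstip, service, metric) tuples, highest metric first."""
    conn = load_log(rows)
    try:
        return conn.execute(query + " LIMIT ?", (int(limit),)).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    for title, query in (("allowed by bandwidth", ALLOWED_BY_BANDWIDTH),
                         ("denied by sessions", DENIED_BY_SESSION)):
        print(title)
        for src, dst, svc, metric in top_conversations(SAMPLE_LOG, query):
            print(f"  {src} -> {dst} {svc}: {metric}")
```

Each row of the first result is a candidate explicit allow policy (source, destination, service) to replace the any-any rule; the second shows what that rule is currently blocking.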