Altair Technologies Ltd. - Firegen report generated on 11/5/2011 11:51:56 AM

FireGen Report

| Info | Value |
|---|---|
| Log profile | Log profile 20111031193059 |
| Analyzed log(s) | F:\Logs\Pix\syslog-2009-04-27.log (197.00 MB) |
| Firewall type | Cisco Pix/ASA |
| Analysis interval | All entries in the specified log |
Firewalls

| No | Firewall | Connections | Traffic (MB) | Denials | Warnings | URLs |
|---|---|---|---|---|---|---|
| 1 | 192.168.5.1 | 199,560.00 | 6,991.37 | 3,189.00 | 5.00 | 605,066.00 |
Message types

| No | Code | Message sample | Count |
|---|---|---|---|
| 2 | 2-106001 | Inbound TCP connection denied from 94.75.231.162/1041 to 208.76.111.141/1211 flags RST ACK on interface outside | 232 |
| 3 | 2-106006 | Deny inbound UDP from 79.134.26.109/1538 to 208.76.111.141/35064 on interface outside | 39 |
| 4 | 3-106014 | Deny inbound icmp src outside:208.78.111.206 dst outside:208.76.111.142 (type 8, code 0) | 04 |
| 5 | 3-710003 | TCP access denied by ACL from 117.32.251.242/59398 to outside:208.76.111.138/22 | 10 |
| 6 | 4-106023 | Deny icmp src outside:210.212.61.252 dst inside:208.76.111.139 (type 8, code 0) by access-group "web_out" | 2,895 |
| 7 | 4-411001 | Line protocol on Interface inside, changed state to up | 02 |
| 8 | 4-419001 | Dropping TCP packet from inside:192.168.5.55/80 to outside:99.241.156.247/33085, reason: MSS exceeded, MSS 0, data 1380 | 09 |
| 9 | 5-304001 | 219.95.45.70 Accessed URL 192.168.5.55:/display.asp?eventid=&source=masas2k3 | 605,066 |
| 10 | 5-500003 | Bad TCP hdr length (hdrlen=12, pktlen=54) from 192.168.10.249/1174 to 208.76.111.139/80, flags: INVALID, on interface outside | 05 |
| 11 | 6-302013 | Built inbound TCP connection 48077484 for outside:203.26.122.12/13891 (203.26.122.12/13891) to inside:192.168.5.55/80 (208.76.111.139/80) | 198,839 |
| 12 | 6-302014 | Teardown TCP connection 48077098 for outside:125.160.178.37/40929 to inside:192.168.5.55/80 duration 0:04:19 bytes 50291 TCP FINs | 198,842 |
| 13 | 6-302015 | Built outbound UDP connection 48077479 for outside:66.28.0.45/53 (66.28.0.45/53) to inside:192.168.5.55/1894 (208.76.111.139/1894) | 2,933 |
| 14 | 6-302016 | Teardown UDP connection 48077479 for outside:66.28.0.45/53 to inside:192.168.5.55/1894 duration 0:00:00 bytes 231 | 2,933 |
| 15 | 6-302020 | Built ICMP connection for faddr 208.78.111.206/512 gaddr 208.76.111.138/0 laddr 208.76.111.138/0 | 03 |
| 16 | 6-302021 | Teardown ICMP connection for faddr 208.78.111.206/512 gaddr 208.76.111.138/0 laddr 208.76.111.138/0 | 03 |
| 17 | 6-609001 | Built local-host outside:209.170.130.159 | 83,202 |
| 18 | 6-609002 | Teardown local-host outside:125.160.178.37 duration 0:06:35 | 83,210 |
| 19 | 7-710005 | UDP request discarded from 0.0.0.0/68 to outside:255.255.255.255/67 | 1,521 |

Firewall: 192.168.5.1

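192.168.5.1 - Traffic and denials per hour

| Hour | Traffic (MB) | % | Connections | % | Denials | % |
|---|---|---|---|---|---|---|
| 00-01 | 119.00 | 1.71 | 4,108 | 2.03 | 67 | 2.10 |
| 01-02 | 120.00 | 1.72 | 4,085 | 2.01 | 60 | 1.88 |
| 02-03 | 142.00 | 2.04 | 4,859 | 2.40 | 48 | 1.51 |
| 03-04 | 232.00 | 3.33 | 7,570 | 3.73 | 75 | 2.35 |
| 04-05 | 360.00 | 5.15 | 10,902 | 5.38 | 86 | 2.70 |
| 05-06 | 417.00 | 5.97 | 11,393 | 5.62 | 90 | 2.82 |
| 06-07 | 392.00 | 5.62 | 11,624 | 5.73 | 80 | 2.51 |
| 07-08 | 352.00 | 5.05 | 9,747 | 4.81 | 82 | 2.57 |
| 08-09 | 333.00 | 4.76 | 9,777 | 4.82 | 120 | 3.76 |
| 09-10 | 381.00 | 5.45 | 11,558 | 5.70 | 108 | 3.39 |
| 10-11 | 488.00 | 6.99 | 14,039 | 6.92 | 104 | 3.26 |
| 11-12 | 547.00 | 7.83 | 16,092 | 7.94 | 1,136 | 35.62 !!! |
| 12-13 | 489.00 | 7.00 | 13,367 | 6.59 | 130 | 4.08 |
| 13-14 | 412.00 | 5.90 | 10,664 | 5.26 | 64 | 2.01 |
| 14-15 | 318.00 | 4.55 | 8,683 | 4.28 | 146 | 4.58 |
| 15-16 | 334.00 | 4.79 | 9,708 | 4.79 | 183 | 5.74 |
| 16-17 | 323.00 | 4.63 | 9,433 | 4.65 | 135 | 4.23 |
| 17-18 | 298.00 | 4.27 | 8,182 | 4.04 | 122 | 3.83 |
| 18-19 | 241.00 | 3.45 | 6,802 | 3.35 | 84 | 2.63 |
| 19-20 | 165.00 | 2.37 | 4,840 | 2.39 | 47 | 1.47 |
| 20-21 | 143.00 | 2.05 | 3,781 | 1.86 | 56 | 1.76 |
| 21-22 | 120.00 | 1.73 | 3,460 | 1.71 | 54 | 1.69 |
| 22-23 | 126.00 | 1.81 | 3,785 | 1.87 | 60 | 1.88 |
| 23-24 | 127.00 | 1.83 | 4,290 | 2.12 | 52 | 1.63 |
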
Log messages severity levels - 192.168.5.1

| Level | Severity | Description | Total |
|---|---|---|---|
| 1 | Alert | Immediate action needed | 00 |
| 2 | Critical | Critical condition | 271 |
| 3 | Error | Error condition | 14 |
| 4 | Warning | Warning condition | 2,906 |
| 5 | Notification | Normal but significant condition | 605,071 |
| 6 | Informational | Informational message only | 569,965 |
| 7 | Debugging | Appears during debugging only | 1,521 |

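192.168.5.1 - Interfaces

| No | Interfaces | Connections | MB | % | Denials | Warnings |
|---|---|---|---|---|---|---|
| 1 | inside to outside | 2,892 | 00.55 | 00.01 | 09 | 00 |
| 2 | outside to inside | 196,668 | 6,990.82 | 99.99 | 2,895 | 00 |
| 3 | outside | 00 | 00.00 | 00.00 | 285 | 05 |
| 4 | Not specified | 00 | 00.00 | 00.00 | 00 | 00 |
| | Total | 199,560 | 6,991.37 | | 3,189 | 05 |
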
Firewall: 192.168.5.1 - Interfaces: inside to outside

Top 10 sources

| No | Source | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 192.168.5.55 | 579,560 | 99.95 | 17 denials recorded on 8/16/2010 3:45:54 AM |
| 2 | 192.168.5.56 | 288 | 0.05 | |



Top 10 destinations
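
| No | Destination | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | res1.dns.cogentco.com (66.28.0.45) | 269,409 | 46.46 | |
| 2 | cache03.ca-dns.net (142.77.2.85) | 202,076 | 34.85 | |
| 3 | 64.149.13.103 | 2,400 | 0.41 | |
| 4 | 76-76-198-65.static.pinetreenetworks.com (65.198.76.76) | 1,350 | 0.23 | |
| 5 | 64.73.43.102 | 1,200 | 0.21 | |
| 6 | 65.55.5.253 | 1,050 | 0.18 | |
| 7 | 64.239.246.16 | 900 | 0.16 | |
| 8 | 65.55.13.126 | 900 | 0.16 | |
| 9 | 202.181.132.41 | 891 | 0.15 | |
| 10 | 199.239.136.200 | 750 | 0.13 | |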



Top 10 sources, protocols and bytes
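
| No | Source | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|
| 1 | 192.168.5.55 | UDP/53 - dns | 2,242 | 471,485 | 81.31 | 17 denials recorded on 8/16/2010 3:45:54 AM |
| 2 | 192.168.5.55 | UDP/137 - netbios | 647 | 108,075 | 18.64 | |
| 3 | 192.168.5.56 | UDP/123 - ntp | 03 | 288 | 0.05 | |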

Top 10 sources, destinations, protocols and bytes

| No | Source | Destination | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|---|
| 1 | 192.168.5.55 | res1.dns.cogentco.com (66.28.0.45) | UDP/53 - dns | 1,204 | 269,409 | 46.46 | 17 denials recorded on 8/16/2010 3:45:54 AM |
| 2 | 192.168.5.55 | cache03.ca-dns.net (142.77.2.85) | UDP/53 - dns | 1,038 | 202,076 | 34.85 | |
| 3 | 192.168.5.55 | 64.149.13.103 | UDP/137 - netbios | 04 | 2,400 | 0.41 | |
| 4 | 192.168.5.55 | 76-76-198-65.static.pinetreenetworks.com (65.198.76.76) | UDP/137 - netbios | 06 | 1,350 | 0.23 | |
| 5 | 192.168.5.55 | 64.73.43.102 | UDP/137 - netbios | 06 | 1,200 | 0.21 | |
| 6 | 192.168.5.55 | 65.55.5.253 | UDP/137 - netbios | 04 | 1,050 | 0.18 | |
| 7 | 192.168.5.55 | 64.239.246.16 | UDP/137 - netbios | 06 | 900 | 0.16 | |
| 8 | 192.168.5.55 | 65.55.13.126 | UDP/137 - netbios | 02 | 900 | 0.16 | |
| 9 | 192.168.5.55 | 202.181.132.41 | UDP/137 - netbios | 01 | 891 | 0.15 | |
| 10 | 192.168.5.55 | 199.239.136.200 | UDP/137 - netbios | 04 | 750 | 0.13 | |

Top 10 protocols

| No | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|
| 1 | UDP/53 - dns | 2,242 | 471,485 | 81.31 | |
| 2 | UDP/137 - netbios | 647 | 108,075 | 18.64 | |
| 3 | UDP/123 - ntp | 03 | 288 | 0.05 | |



Top 10 denied sources

| No | Source | Connections | First denial | % | Comment |
|---|---|---|---|---|---|
| 1 | 192.168.5.55 | 09 | 4/27/2009 4:38:58 AM | 100.00 | 17 denials recorded on 8/16/2010 3:45:54 AM |

Top 10 destinations for denied connections

| No | Destination | Connections | First denial | % | Comment |
|---|---|---|---|---|---|
| 1 | CPE001b116233c6-CM0019477f690c.cpe.net.cable.rogers.com (99.241.156.247) | 09 | 4/27/2009 4:38:58 AM | 100.00 | |

Top 10 denied protocols

| No | Denied protocol | Connections | First denial | % | Comment |
|---|---|---|---|---|---|
| 1 | TCP/33085 | 09 | 4/27/2009 4:38:58 AM | 100.00 | |

Top 10 denial reasons

| No | Denial reason | Connections | First denial | % | Comment |
|---|---|---|---|---|---|
| 1 | MSS value of 0 exceeded | 09 | 4/27/2009 4:38:58 AM | 100.00 | |

Top 10 denied sources, destinations, protocols and reasons

| No | Source | Destination | Protocol | Reason | Connections | First denial | % | Comment |
|---|---|---|---|---|---|---|---|---|
| 1 | 192.168.5.55 | CPE001b116233c6-CM0019477f690c.cpe.net.cable.rogers.com (99.241.156.247) | TCP/33085 | MSS value of 0 exceeded | 09 | 4/27/2009 4:38:58 AM | 100.00 | 17 denials recorded on 8/16/2010 3:45:54 AM |

Top 10 denied protocols and reasons

| No | Protocol | Reason | Denials | % | Comment |
|---|---|---|---|---|---|
| 1 | TCP/33085 | MSS value of 0 exceeded | 09 | 100.00 | |

Firewall: 192.168.5.1 - Interfaces: outside to inside

Top 10 sources

| No | Source | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 82.76.60.29 | 50,030,811 | 0.68 | |
| 2 | crawl-66-249-70-210.googlebot.com (66.249.70.210) | 23,134,335 | 0.32 | |
| 3 | b5131382.yst.yahoo.net (74.6.18.220) | 21,528,333 | 0.29 | |
| 4 | spider10.yandex.ru (93.158.148.30) | 12,500,137 | 0.17 | |
| 5 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | 10,850,985 | 0.15 | |
| 6 | 198.6.33.13 | 10,172,635 | 0.14 | |
| 7 | 24.244.139.190 | 6,339,789 | 0.09 | |
| 8 | 86.127.4.69 | 5,699,738 | 0.08 | |
| 9 | 79.112.11.19 | 5,571,597 | 0.08 | |
| 10 | 99.255.229.41 | 5,447,925 | 0.07 | |



Top 10 destinations

| No | Destination | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 192.168.5.55 | 7,317,368,158 | 99.82 | 17 denials recorded on 8/16/2010 3:45:54 AM |
| 2 | 192.168.5.56 | 13,038,856 | 0.18 | |



Top 10 sources, protocols and bytes

| No | Source | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|
| 1 | 82.76.60.29 | TCP/80 - http | 18 | 50,030,811 | 0.68 | |
| 2 | crawl-66-249-70-210.googlebot.com (66.249.70.210) | TCP/80 - http | 1,531 | 20,629,491 | 0.28 | |
| 3 | b5131382.yst.yahoo.net (74.6.18.220) | TCP/80 - http | 2,175 | 20,065,022 | 0.27 | |
| 4 | spider10.yandex.ru (93.158.148.30) | TCP/80 - http | 215 | 12,500,137 | 0.17 | |
| 5 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | TCP/80 - http | 1,335 | 10,850,985 | 0.15 | |
| 6 | 198.6.33.13 | TCP/80 - http | 164 | 10,172,635 | 0.14 | |
| 7 | 86.127.4.69 | TCP/80 - http | 11 | 5,699,738 | 0.08 | |
| 8 | 79.112.11.19 | TCP/80 - http | 14 | 5,571,597 | 0.08 | |
| 9 | 99.255.229.41 | TCP/80 - http | 04 | 5,447,925 | 0.07 | |
| 10 | 194.59.120.11 | TCP/80 - http | 289 | 5,411,918 | 0.07 | |

Top 10 sources, destinations, protocols and bytes

| No | Source | Destination | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|---|
| 1 | 82.76.60.29 | 192.168.5.55 | TCP/80 - http | 18 | 50,030,811 | 0.68 | 17 denials recorded on 8/16/2010 3:45:54 AM |
| 2 | crawl-66-249-70-210.googlebot.com (66.249.70.210) | 192.168.5.55 | TCP/80 - http | 1,531 | 20,629,491 | 0.28 | |
| 3 | b5131382.yst.yahoo.net (74.6.18.220) | 192.168.5.55 | TCP/80 - http | 2,175 | 20,065,022 | 0.27 | |
| 4 | spider10.yandex.ru (93.158.148.30) | 192.168.5.55 | TCP/80 - http | 214 | 12,492,403 | 0.17 | |
| 5 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | 192.168.5.55 | TCP/80 - http | 1,335 | 10,850,985 | 0.15 | |
| 6 | 198.6.33.13 | 192.168.5.55 | TCP/80 - http | 164 | 10,172,635 | 0.14 | |
| 7 | 86.127.4.69 | 192.168.5.55 | TCP/80 - http | 11 | 5,699,738 | 0.08 | |
| 8 | 79.112.11.19 | 192.168.5.55 | TCP/80 - http | 14 | 5,571,597 | 0.08 | |
| 9 | 99.255.229.41 | 192.168.5.55 | TCP/80 - http | 04 | 5,447,925 | 0.07 | |
| 10 | 194.59.120.11 | 192.168.5.55 | TCP/80 - http | 289 | 5,411,918 | 0.07 | |

Top 10 protocols
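
| No | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|
| 1 | TCP/80 - http | 191,672 | 7,293,817,738 | 99.50 | |
| 2 | TCP/443 - ssl-https | 1,323 | 33,299,657 | 0.45 | |
| 3 | TCP/43 - whois | 1,769 | 1,806,058 | 0.02 | |
| 4 | TCP/8010 | 1,637 | 804,497 | 0.01 | |
| 5 | TCP/25 - smtp | 226 | 494,144 | 0.01 | |
| 6 | UDP/500 - ipsec | 41 | 184,920 | 0.00 | |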



Top 10 protocol TCP/80 - http: Sources, destinations, and traffic

| No | Source | Destination | Connections | Bytes | Comment |
|---|---|---|---|---|---|
| 1 | 82.76.60.29 | 192.168.5.55 | 18 | 50,030,811 | 17 denials recorded on 8/16/2010 3:45:54 AM |
| 2 | crawl-66-249-70-210.googlebot.com (66.249.70.210) | 192.168.5.55 | 1,531 | 20,629,491 | |
| 3 | b5131382.yst.yahoo.net (74.6.18.220) | 192.168.5.55 | 2,175 | 20,065,022 | |
| 4 | spider10.yandex.ru (93.158.148.30) | 192.168.5.55 | 214 | 12,492,403 | |
| 5 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | 192.168.5.55 | 1,335 | 10,850,985 | |
| 6 | 198.6.33.13 | 192.168.5.55 | 164 | 10,172,635 | |
| 7 | 86.127.4.69 | 192.168.5.55 | 11 | 5,699,738 | |
| 8 | 79.112.11.19 | 192.168.5.55 | 14 | 5,571,597 | |
| 9 | 99.255.229.41 | 192.168.5.55 | 04 | 5,447,925 | |
| 10 | 194.59.120.11 | 192.168.5.55 | 289 | 5,411,918 | |

Top 10 protocol TCP/25 - smtp: Sources, destinations, and traffic

| No | Source | Destination | Connections | Bytes | Comment |
|---|---|---|---|---|---|
| 1 | zeus.lunarpages.com (67.210.126.165) | 192.168.5.55 | 84 | 263,539 | 62 denials recorded on 4/29/2009 2:21:22 AM |
| 2 | mailin.rzone.de (81.169.145.101) | 192.168.5.55 | 02 | 4,624 | |
| 3 | yx-in-f27.1e100.net (74.125.45.27) | 192.168.5.55 | 02 | 4,442 | |
| 4 | mail.networksolutionsemail.com (205.178.149.7) | 192.168.5.55 | 02 | 4,103 | |
| 5 | mail-relay.wobline.de (62.176.224.93) | 192.168.5.55 | 04 | 4,061 | |
| 6 | almach.stargate.ca (64.253.129.9) | 192.168.5.55 | 02 | 3,664 | |
| 7 | trisol.stargate.ca (64.253.129.20) | 192.168.5.55 | 02 | 3,664 | |
| 8 | beid.stargate.ca (64.253.129.14) | 192.168.5.55 | 02 | 3,656 | |
| 9 | keid.stargate.ca (64.253.129.15) | 192.168.5.55 | 02 | 3,656 | |
| 10 | skat.stargate.ca (64.253.129.18) | 192.168.5.55 | 02 | 3,646 | |

Top 10 denied sources

| No | Source | Connections | First denial | % | Comment |
|---|---|---|---|---|---|
| 1 | mail2.rcs.k12.va.us (206.113.136.253) | 981 | 4/27/2009 11:18:05 AM | 33.89 | 981 denials recorded on 4/27/2009 11:18:05 AM |
| 2 | zeus.lunarpages.com (67.210.126.165) | 84 | 4/27/2009 1:41:31 AM | 02.90 | 62 denials recorded on 4/29/2009 2:21:22 AM |
| 3 | 94.75.231.162 | 61 | 4/27/2009 1:32:00 AM | 02.11 | 27 denials recorded on 4/29/2009 1:22:31 AM |
| 4 | 204.251.213.17 | 60 | 4/27/2009 2:16:55 AM | 02.07 | 48 denials recorded on 4/28/2009 2:57:24 AM |
| 5 | 68.156.165.51 | 50 | 4/27/2009 3:06:25 AM | 01.73 | 60 denials recorded on 4/29/2009 3:07:17 AM |
| 6 | mail.bdl-berlin.net (80.153.4.174) | 38 | 4/27/2009 2:59:59 PM | 01.31 | |
| 7 | 137.164.143.36 | 33 | 4/27/2009 7:14:25 AM | 01.14 | |
| 8 | 218.20.54.58 | 32 | 4/27/2009 5:18:20 PM | 01.11 | |
| 9 | 81.94.210.234 | 31 | 4/27/2009 6:32:57 AM | 01.07 | |
| 10 | IBM-Clark-American-1166488.cust-rtr.swbell.net (66.142.240.22) | 29 | 4/27/2009 3:05:15 PM | 01.00 | |

Top 10 destinations for denied connections

| No | Destination | Connections | First denial | % | Comment |
|---|---|---|---|---|---|
| 1 | www.eventid.net (208.76.111.139) | 2,726 | 4/27/2009 1:24:34 AM | 94.16 | |
| 2 | www.altairtech.ca (208.76.111.140) | 169 | 4/27/2009 1:27:16 AM | 05.84 | |

Top 10 denied protocols

| No | Denied protocol | Connections | First denial | % | Comment |
|---|---|---|---|---|---|
| 1 | UDP/1305 | 982 | 4/27/2009 11:18:05 AM | 33.92 | |
| 2 | ICMP/3 - unreach | 601 | 4/27/2009 1:36:46 AM | 20.76 | |
| 3 | ICMP/8 - ping | 279 | 4/27/2009 1:51:54 AM | 09.64 | |
| 4 | UDP/137 - netbios | 206 | 4/27/2009 1:24:34 AM | 07.12 | |
| 5 | UDP/33437 | 112 | 4/27/2009 2:16:55 AM | 03.87 | |
| 6 | TCP/113 - ident | 91 | 4/27/2009 1:41:31 AM | 03.14 | |
| 7 | UDP/33436 | 79 | 4/27/2009 1:31:39 AM | 02.73 | |
| 8 | UDP/49153 | 47 | 4/27/2009 2:06:42 AM | 01.62 | |
| 9 | UDP/33435 | 46 | 4/27/2009 5:06:56 AM | 01.59 | |
| 10 | UDP/33438 | 45 | 4/27/2009 1:31:19 AM | 01.55 | |



Top 10 denial reasons

| No | Denial reason | Connections | First denial | % | Comment |
|---|---|---|---|---|---|
| 1 | Access group web_out | 2,895 | 4/27/2009 1:24:34 AM | 100.00 | |

Top 10 denied sources, destinations, protocols and reasons

| No | Source | Destination | Protocol | Reason | Connections | First denial | % | Comment |
|---|---|---|---|---|---|---|---|---|
| 1 | mail2.rcs.k12.va.us (206.113.136.253) | www.eventid.net (208.76.111.139) | UDP/1305 | Access group web_out | 981 | 4/27/2009 11:18:05 AM | 33.89 | 981 denials recorded on 4/27/2009 11:18:05 AM |
| 2 | zeus.lunarpages.com (67.210.126.165) | www.eventid.net (208.76.111.139) | TCP/113 - ident | Access group web_out | 84 | 4/27/2009 1:41:31 AM | 2.90 | 62 denials recorded on 4/29/2009 2:21:22 AM |
| 3 | 204.251.213.17 | www.eventid.net (208.76.111.139) | UDP/33437 | Access group web_out | 60 | 4/27/2009 2:16:55 AM | 2.07 | 48 denials recorded on 4/28/2009 2:57:24 AM |
| 4 | mail.bdl-berlin.net (80.153.4.174) | www.eventid.net (208.76.111.139) | ICMP/3 - unreach | Access group web_out | 38 | 4/27/2009 2:59:59 PM | 1.31 | |
| 5 | 218.20.54.58 | www.eventid.net (208.76.111.139) | ICMP/8 - ping | Access group web_out | 32 | 4/27/2009 5:18:20 PM | 1.11 | |
| 6 | IBM-Clark-American-1166488.cust-rtr.swbell.net (66.142.240.22) | www.eventid.net (208.76.111.139) | ICMP/3 - unreach | Access group web_out | 29 | 4/27/2009 3:05:15 PM | 1.00 | |
| 7 | 81.94.210.234 | www.eventid.net (208.76.111.139) | UDP/33436 | Access group web_out | 23 | 4/27/2009 6:33:06 AM | 0.79 | |
| 8 | 68.156.165.51 | www.eventid.net (208.76.111.139) | ICMP/8 - ping | Access group web_out | 20 | 4/27/2009 3:06:25 AM | 0.69 | 60 denials recorded on 4/29/2009 3:07:17 AM |
| 9 | 137.164.143.36 | www.eventid.net (208.76.111.139) | TCP/445 - netbios | Access group web_out | 18 | 4/27/2009 7:14:29 AM | 0.62 | |
| 10 | c-98-210-216-208.hsd1.ca.comcast.net (98.210.216.208) | www.eventid.net (208.76.111.139) | ICMP/8 - ping | Access group web_out | 18 | 4/27/2009 2:50:16 PM | 0.62 | |

Top 10 denied protocols and reasons
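
| No | Protocol | Reason | Denials | % | Comment |
|---|---|---|---|---|---|
| 1 | UDP/1305 | Access group web_out | 982 | 33.92 | |
| 2 | ICMP/3 - unreach | Access group web_out | 601 | 20.76 | |
| 3 | ICMP/8 - ping | Access group web_out | 279 | 9.64 | |
| 4 | UDP/137 - netbios | Access group web_out | 206 | 7.12 | |
| 5 | UDP/33437 | Access group web_out | 112 | 3.87 | |
| 6 | TCP/113 - ident | Access group web_out | 91 | 3.14 | |
| 7 | UDP/33436 | Access group web_out | 79 | 2.73 | |
| 8 | UDP/49153 | Access group web_out | 47 | 1.62 | |
| 9 | UDP/33435 | Access group web_out | 46 | 1.59 | |
| 10 | UDP/33438 | Access group web_out | 45 | 1.55 | |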

Firewall: 192.168.5.1 - Interface: outside

Top 10 denied sources

| No | Source | Connections | First denial | % | Comment |
|---|---|---|---|---|---|
| 1 | 94.75.231.162 | 57 | 4/27/2009 1:31:01 AM | 20.00 | 27 denials recorded on 4/29/2009 1:22:31 AM |
| 2 | 118.123.5.96 | 08 | 4/27/2009 1:58:48 AM | 02.81 | 8 denials recorded on 4/27/2009 1:58:48 AM |
| 3 | 208.52.163.187 | 06 | 4/27/2009 9:01:03 AM | 02.11 | 6 denials recorded on 4/27/2009 9:01:03 AM |
| 4 | 93-120-137-38.dynamic.mts-nn.ru (93.120.137.38) | 06 | 4/27/2009 9:53:40 AM | 02.11 | |
| 5 | 208.74.217.197 | 06 | 4/27/2009 11:39:28 AM | 02.11 | |
| 6 | 220.225.195.115 | 06 | 4/27/2009 3:42:56 PM | 02.11 | |
| 7 | 117.32.251.242 | 06 | 4/27/2009 11:16:31 PM | 02.11 | |
| 8 | 208.96.100.139 | 06 | 4/27/2009 11:19:50 PM | 02.11 | |
| 9 | 208.82.46.60 | 04 | 4/27/2009 2:32:59 AM | 01.40 | |
| 10 | 208.78.111.206 | 04 | 4/27/2009 5:48:47 AM | 01.40 | |

Top 10 destinations for denied connections

| No | Destination | Connections | First denial | % | Comment |
|---|---|---|---|---|---|
| 1 | 208.76.111.142 | 150 | 4/27/2009 1:31:01 AM | 52.63 | |
| 2 | 208.76.111.141 | 125 | 4/27/2009 1:36:09 AM | 43.86 | |
| 3 | 208.76.111.138 | 10 | 4/27/2009 6:03:14 AM | 03.51 | |

Top 10 denied protocols

| No | Denied protocol | Connections | First denial | % | Comment |
|---|---|---|---|---|---|
| 1 | TCP/135 - ms rpc | 58 | 4/27/2009 1:58:48 AM | 20.35 | |
| 2 | TCP/22 - ssh | 18 | 4/27/2009 3:42:56 PM | 06.32 | |
| 3 | TCP/16904 | 17 | 4/27/2009 2:34:08 AM | 05.96 | |
| 4 | TCP/2967 | 14 | 4/27/2009 9:02:22 AM | 04.91 | |
| 5 | TCP/1433 - ms sql | 12 | 4/27/2009 4:09:44 AM | 04.21 | |
| 6 | TCP/445 - netbios | 12 | 4/27/2009 9:41:15 AM | 04.21 | |
| 7 | UDP/1434 - ms sql monitor | 11 | 4/27/2009 2:01:41 AM | 03.86 | |
| 8 | UDP/137 - netbios | 08 | 4/27/2009 1:36:09 AM | 02.81 | |
| 9 | TCP/5900 - vnc | 08 | 4/27/2009 2:49:15 PM | 02.81 | |
| 10 | TCP/139 - netbios | 07 | 4/27/2009 9:53:40 AM | 02.46 | |



Top 10 denial reasons

| No | Denial reason | Connections | First denial | % | Comment |
|---|---|---|---|---|---|
| 1 | TCP flags SYN | 154 | 4/27/2009 1:56:11 AM | 54.04 | |
| 2 | TCP flags RST ACK | 57 | 4/27/2009 1:31:01 AM | 20.00 | |
| 3 | Firewall policy | 39 | 4/27/2009 1:36:09 AM | 13.68 | |
| 4 | TCP flags SYN ACK | 20 | 4/27/2009 2:34:08 AM | 07.02 | |
| 5 | Denied by ACL | 10 | 4/27/2009 6:03:14 AM | 03.51 | |
| 6 | Firewall policy | 04 | 4/27/2009 5:48:47 AM | 01.40 | |
| 7 | TCP flags RST | 01 | 4/27/2009 9:40:37 PM | 00.35 | |



Top 10 denied sources, destinations, protocols and reasons

| No | Source | Destination | Protocol | Reason | Connections | First denial | % | Comment |
|---|---|---|---|---|---|---|---|---|
| 1 | 208.52.163.187 | 208.76.111.142 | TCP/135 - ms rpc | TCP flags SYN | 06 | 4/27/2009 9:01:03 AM | 2.11 | 6 denials recorded on 4/27/2009 9:01:03 AM |
| 2 | 118.123.5.96 | 208.76.111.141 | TCP/135 - ms rpc | TCP flags SYN | 04 | 4/27/2009 1:58:48 AM | 1.40 | 8 denials recorded on 4/27/2009 1:58:48 AM |
| 3 | 118.123.5.96 | 208.76.111.142 | TCP/135 - ms rpc | TCP flags SYN | 04 | 4/27/2009 1:58:48 AM | 1.40 | |
| 4 | 208-38-107-230.static.izoom.net (208.38.107.230) | 208.76.111.141 | TCP/445 - netbios | TCP flags SYN | 04 | 4/27/2009 9:41:15 AM | 1.40 | |
| 5 | 208.96.100.139 | 208.76.111.142 | TCP/135 - ms rpc | TCP flags SYN | 04 | 4/27/2009 11:19:50 PM | 1.40 | |
| 6 | 66.79.161.44 | 208.76.111.142 | TCP/16904 | TCP flags SYN ACK | 03 | 4/27/2009 2:34:08 AM | 1.05 | |
| 7 | 61.160.212.152 | 208.76.111.142 | TCP/16904 | TCP flags SYN ACK | 03 | 4/27/2009 3:53:03 AM | 1.05 | |
| 8 | 94.75.231.162 | 208.76.111.142 | TCP/1092 | TCP flags RST ACK | 03 | 4/27/2009 8:06:53 AM | 1.05 | 27 denials recorded on 4/29/2009 1:22:31 AM |
| 9 | 94.75.231.162 | 208.76.111.142 | TCP/1218 | TCP flags RST ACK | 03 | 4/27/2009 9:48:35 AM | 1.05 | |
| 10 | 93-120-137-38.dynamic.mts-nn.ru (93.120.137.38) | 208.76.111.142 | TCP/139 - netbios | TCP flags SYN | 03 | 4/27/2009 9:53:40 AM | 1.05 | |

Top 10 denied protocols and reasons
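
| No | Protocol | Reason | Denials | % | Comment |
|---|---|---|---|---|---|
| 1 | TCP/135 - ms rpc | TCP flags SYN | 58 | 20.35 | |
| 2 | TCP/16904 | TCP flags SYN ACK | 17 | 5.96 | |
| 3 | TCP/2967 | TCP flags SYN | 14 | 4.91 | |
| 4 | TCP/1433 - ms sql | TCP flags SYN | 12 | 4.21 | |
| 5 | TCP/445 - netbios | TCP flags SYN | 12 | 4.21 | |
| 6 | TCP/22 - ssh | TCP flags SYN | 12 | 4.21 | |
| 7 | UDP/1434 - ms sql monitor | Firewall policy | 11 | 3.86 | |
| 8 | UDP/137 - netbios | Firewall policy | 08 | 2.81 | |
| 9 | TCP/5900 - vnc | TCP flags SYN | 08 | 2.81 | |
| 10 | TCP/139 - netbios | TCP flags SYN | 07 | 2.46 | |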

Top 10 warning messages

| No | Source | Destination | Protocol | Warning | Count | First warning | % | Comment |
|---|---|---|---|---|---|---|---|---|
| 1 | 192.168.25.15 | www.eventid.net (208.76.111.139) | TCP/0 | Bad TCP hdr length - 0 | 04 | 4/27/2009 2:41:42 AM | 80.00 | |
| 2 | 192.168.10.249 | www.eventid.net (208.76.111.139) | TCP/80 - http | Bad TCP hdr length - 80 | 01 | 4/27/2009 4:33:44 AM | 20.00 | |

Firewall: 192.168.5.1 - Interfaces: Not specified

Top 10 source, destination, protocol, URL messages

| No | Source | Destination | Protocol | URL | Connections | Comment |
|---|---|---|---|---|---|---|
| 1 | ip72-197-115-140.sd.sd.cox.net (72.197.115.140) | 192.168.5.55 | TCP/80 - http | /favicon.ico | 1,106 | 17 denials recorded on 8/16/2010 3:45:54 AM |
| 2 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | 192.168.5.55 | TCP/80 - http | /images/ms_logo.gif | 737 | |
| 3 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | 192.168.5.55 | TCP/80 - http | /images/top_page_bg_3.jpg | 645 | |
| 4 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | 192.168.5.55 | TCP/80 - http | /images/bottom_page_bg_3.jpg | 645 | |
| 5 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | 192.168.5.55 | TCP/80 - http | /images/header_bg_3.jpg | 645 | |
| 6 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | 192.168.5.55 | TCP/80 - http | /images/header_middle_bg_3.jpg | 645 | |
| 7 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | 192.168.5.55 | TCP/80 - http | /images/evlogright.gif | 643 | |
| 8 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | 192.168.5.55 | TCP/80 - http | /images/footer_bg_3.jpg | 643 | |
| 9 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | 192.168.5.55 | TCP/80 - http | /css/ie.css | 640 | |
| 10 | rrcs-24-97-226-234.nys.biz.rr.com (24.97.226.234) | 192.168.5.55 | TCP/80 - http | /css/evid_core.css | 638 | |

Top 10 urls and connections

| No | URL | Connections | % | Comment |
|---|---|---|---|---|
| 1 | /images/ms_logo.gif | 81,265 | 13.43 | |
| 2 | /css/evid_core.css | 34,405 | 05.69 | |
| 3 | /lib/library.js | 33,891 | 05.60 | |
| 4 | /images/header_bg_3.jpg | 33,883 | 05.60 | |
| 5 | /images/top_page_bg_3.jpg | 33,597 | 05.55 | |
| 6 | /images/footer_bg_3.jpg | 33,545 | 05.54 | |
| 7 | /images/header_middle_bg_3.jpg | 33,537 | 05.54 | |
| 8 | /images/bottom_page_bg_3.jpg | 33,487 | 05.53 | |
| 9 | /images/evlogright.gif | 33,401 | 05.52 | |
| 10 | /images/footer_middle_bg_3.jpg | 33,120 | 05.47 | |

Other messages

| No | Code | Message sample | Count | Comment |
|---|---|---|---|---|
| 1 | 4-411001 | Line protocol on Interface inside, changed state to up | 2 | |

To assist us in improving the analyzer, please send the messages above to support@firegen.com and they will be added to the next release of Firegen.

Analysis details
Analysis start time: 11/5/2011 11:51:54 AM
Analysis duration: 2.48 minutes (149 seconds)
Analysis engine version: Cisco Pix/ASA parser version: 0.12
FireGen30Service.exe - FireGen scheduler service: 3.0.0.0
Filtering criteria: All entries
Excluded keywords: No connection

Glossary
!!!: Indicates that a high denials:connections ratio has been detected. The currently configured ratio is 3. The !!! indicates that the percentage of denials for that hour is bigger than 3 x the connections percentage. This indicates some unusual denial activity that may have to be investigated. The ratio can be configured on the Report Formats interface.
Other messages: The Other messages section is a list of messages not yet configured in the Firegen parser. Please send these messages to us (support@firegen.com) and we will add them in the next Firegen update. These messages are included in the list of message types but they are not yet fully understood by the analyzer.