[mrtg] Re: Firewall monitoring

Graeme Fowler G.E.Fowler at lboro.ac.uk
Fri Aug 20 13:01:35 MEST 1999

On 20-Aug-99 Martin Ansdell-Smith wrote:
> On Thu, 19 Aug 1999, Kyle Maxwell wrote:
>> I'm trying to monitor loads on firewalls.
> An alternative might be that the information could be in the firewall
> logs and you might be able to get it from that (although it may not
> be available as frequently as every 5 minutes by default).

I was going to suggest that leaving an snmp agent running on a firewall
is pretty insecure in itself, unless you have *absolute* trust in the
firewall's internal protection. It would probably be better (if it can
be done) to have the firewall log via syslogd to a remote machine, then
park a script on the tail of the log to output a file to MRTG for

If the firewall is some kind of Unix box this would be pretty easy, but
if it's a 'solid-state' one (like the Lucent Managed Firewall which
we're testing right now) then it'll be nigh-on impossible...

My £0.02

Graeme Fowler
Network Officer, Infrastructure & Networks Group
Loughborough University Computing Services
+44 1509 228426

* To unsubscribe from the mrtg mailing list, send a message with the
  subject: unsubscribe to mrtg-request at list.ee.ethz.ch
* The mailing list archive is at http://www.ee.ethz.ch/~slist/mrtg

More information about the mrtg mailing list