Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
370
Views
0
Helpful
2
Replies

Help with Delta Values needed

hardware
Level 1
Level 1

‎12-27-2012 04:08 AM - edited ‎03-11-2019 05:41 PM

Below is an example of the output from a “show access-list” command on the Cisco PIX/ASA.

NDC-FW-01# show access-list

access-list allow-in line 1 extended permit tcp any host <IP_1> eq www (hitcnt=186) 0x67305930

access-list allow-in line 2 extended permit tcp any host <IP_1> eq https (hitcnt=0) 0x4612a177

access-list allow-in line 11 extended permit tcp any host <IP_2> eq www (hitcnt=480) 0xce0a6156

access-list allow-in line 12 extended permit tcp any host <IP_2> eq https (hitcnt=64) 0xf530e0aa

access-list allow-in line 20 extended permit tcp any host <IP_3> eq www (hitcnt=7671) 0xea971ac0

access-list allow-in line 21 extended permit tcp any host <IP_3> eq https (hitcnt=41920) 0x8d30dc38

access-list allow-in line 22 extended permit tcp any host <IP_4> eq https (hitcnt=34) 0xbf7c0975

What I want to be able to do is monitor the delta value of the hit count between polling intervals. I want to do this, ideally, for only some access-list, and for only some of the access-list entries within those access-lists.

Is this something I can do directly or do I need to use a third party piece of software to do this and if so, can anyone suggest which software to use ?

Thanks very much

DavidT

Labels:
0 Helpful
2 Replies 2

Karsten Iwen
VIP
VIP

‎12-27-2012 05:16 AM

That's nothing the ASA can do native. But if you have a linux-Box, it shouldn't be to hard to script with some lines of AWK:  http://www.gnu.org/software/gawk/manual/gawk.html

BTW: You should move this Thread to "Firewalling" as it has nothing to do with IPS ...

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

hardware
Level 1
Level 1
In response to Karsten Iwen

‎12-27-2012 05:45 AM

Karsten,

Thanks for the reply. have moved the discussion, apologies.

We have an SNMP tool that can collect the information but we just need to know if it is possible to use SNMP to collect statistics on hit counts per ACE on the ASA.

If it is, our tool will take care of collecting the hit counts and working out the delta values. I just need to know if we can get at those hit counts using SNMP.

Thanks.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card