Below is an example of the output from a “show access-list” command on the Cisco PIX/ASA.
NDC-FW-01# show access-list
access-list allow-in line 1 extended permit tcp any host <IP_1> eq www (hitcnt=186) 0x67305930
access-list allow-in line 2 extended permit tcp any host <IP_1> eq https (hitcnt=0) 0x4612a177
access-list allow-in line 11 extended permit tcp any host <IP_2> eq www (hitcnt=480) 0xce0a6156
access-list allow-in line 12 extended permit tcp any host <IP_2> eq https (hitcnt=64) 0xf530e0aa
access-list allow-in line 20 extended permit tcp any host <IP_3> eq www (hitcnt=7671) 0xea971ac0
access-list allow-in line 21 extended permit tcp any host <IP_3> eq https (hitcnt=41920) 0x8d30dc38
access-list allow-in line 22 extended permit tcp any host <IP_4> eq https (hitcnt=34) 0xbf7c0975
What I want to be able to do is monitor the delta value of the hit count between polling intervals. I want to do this, ideally, for only some access-lists, and for only some of the access-list entries within those access-lists.
Is this something I can do directly, or do I need to use a third-party piece of software to do this? If so, can anyone suggest which software to use?
Thanks very much
That's nothing the ASA can do natively. But if you have a Linux box, it shouldn't be too hard to script with some lines of AWK: http://www.gnu.org/software/gawk/manual/gawk.html
BTW: You should move this Thread to "Firewalling" as it has nothing to do with IPS ...
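As an added illustration of the scripting approach suggested in the reply above (this is not code from the thread, and it uses Python rather than AWK), here is a parser for the "show access-list" output format shown in the question, plus a delta calculation between two polls restricted to chosen access-lists and line numbers. The first poll is the output pasted in the question; the second poll is constructed for the example. The trailing hex value is treated as the ACE's identifier, which is an assumption used to detect an entry that was rewritten in place between polls.

```python
import re
from typing import Dict, Optional, Set, Tuple

# One ACE line as printed by "show access-list" in the question:
# access-list <name> line <n> <rule text> (hitcnt=<count>) 0x<hex>
ACE_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+line\s+(?P<line>\d+)\s+(?P<rule>.+?)\s+"
    r"\(hitcnt=(?P<hits>\d+)\)\s+(?P<ident>0x[0-9a-fA-F]+)\s*$"
)

Key = Tuple[str, int]  # (access-list name, line number)


def parse_show_access_list(text: str) -> Dict[Key, dict]:
    """Parse raw 'show access-list' output into {(acl, line): {rule, hits, ident}}.

    Lines that are not ACE entries (the prompt, summary lines, blank lines)
    are skipped rather than treated as errors.
    """
    entries: Dict[Key, dict] = {}
    for raw in text.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:
            continue
        key = (m.group("acl"), int(m.group("line")))
        entries[key] = {
            "rule": m.group("rule"),
            "hits": int(m.group("hits")),
            "ident": m.group("ident"),
        }
    return entries


def hit_deltas(previous: Dict[Key, dict], current: Dict[Key, dict],
               acls: Optional[Set[str]] = None,
               lines: Optional[Dict[str, Set[int]]] = None) -> Dict[Key, int]:
    """Return {(acl, line): hits gained since the previous poll}.

    acls:  if given, only these access-list names are reported.
    lines: if given, maps an access-list name to the line numbers to report.
    An ACE that is new this interval, or whose identifier changed (rule
    rewritten in place), has no comparable baseline and is left out.
    A counter that went backwards (cleared or device reloaded) is reported
    as the current value, i.e. hits since the reset.
    """
    deltas: Dict[Key, int] = {}
    for key, cur in current.items():
        acl, line_no = key
        if acls is not None and acl not in acls:
            continue
        if lines is not None and line_no not in lines.get(acl, set()):
            continue
        prev = previous.get(key)
        if prev is None or prev["ident"] != cur["ident"]:
            continue
        delta = cur["hits"] - prev["hits"]
        deltas[key] = delta if delta >= 0 else cur["hits"]
    return deltas


# Poll 1: the output pasted in the question.
POLL_1 = """\
NDC-FW-01# show access-list
access-list allow-in line 1 extended permit tcp any host <IP_1> eq www (hitcnt=186) 0x67305930
access-list allow-in line 2 extended permit tcp any host <IP_1> eq https (hitcnt=0) 0x4612a177
access-list allow-in line 11 extended permit tcp any host <IP_2> eq www (hitcnt=480) 0xce0a6156
access-list allow-in line 12 extended permit tcp any host <IP_2> eq https (hitcnt=64) 0xf530e0aa
access-list allow-in line 20 extended permit tcp any host <IP_3> eq www (hitcnt=7671) 0xea971ac0
access-list allow-in line 21 extended permit tcp any host <IP_3> eq https (hitcnt=41920) 0x8d30dc38
access-list allow-in line 22 extended permit tcp any host <IP_4> eq https (hitcnt=34) 0xbf7c0975
"""

# Poll 2: constructed for this example. Line 1's counter was cleared in between.
POLL_2 = """\
NDC-FW-01# show access-list
access-list allow-in line 1 extended permit tcp any host <IP_1> eq www (hitcnt=10) 0x67305930
access-list allow-in line 2 extended permit tcp any host <IP_1> eq https (hitcnt=0) 0x4612a177
access-list allow-in line 11 extended permit tcp any host <IP_2> eq www (hitcnt=500) 0xce0a6156
access-list allow-in line 12 extended permit tcp any host <IP_2> eq https (hitcnt=64) 0xf530e0aa
access-list allow-in line 20 extended permit tcp any host <IP_3> eq www (hitcnt=7700) 0xea971ac0
access-list allow-in line 21 extended permit tcp any host <IP_3> eq https (hitcnt=42000) 0x8d30dc38
access-list allow-in line 22 extended permit tcp any host <IP_4> eq https (hitcnt=34) 0xbf7c0975
"""


def watched_deltas() -> Dict[Key, int]:
    """Deltas for only the 'allow-in' ACEs at lines 1, 20 and 21."""
    return hit_deltas(parse_show_access_list(POLL_1), parse_show_access_list(POLL_2),
                      acls={"allow-in"}, lines={"allow-in": {1, 20, 21}})


if __name__ == "__main__":
    for (acl, line_no), delta in sorted(watched_deltas().items()):
        print(f"{acl} line {line_no}: +{delta} hits since last poll")
```

In practice the two polls would come from the device (for example, a scheduled SSH session capturing "show access-list" into a file each interval) and the previous poll's parsed result would be kept on disk between runs.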
Thanks for the reply. I have moved the discussion, apologies.
We have an SNMP tool that can collect the information but we just need to know if it is possible to use SNMP to collect statistics on hit counts per ACE on the ASA.
If it is, our tool will take care of collecting the hit counts and working out the delta values. I just need to know if we can get at those hit counts using SNMP.