
Altair Technologies - Firegen report generated on 1/2/2018 3:54:13 PM

Info | Value
Analysis profile | Cisco IOS
Analyzed log(s) | E:\Logs\Cisco Router\syslog-rtr-2006-11-13.txt (12.00 MB)
Firewall type | Cisco IOS
Analysis interval | All entries in the specified log

Firewalls

No | Firewall | Connections | Traffic (MB) | Denials | Warnings | URLs | Info | IDS | ACL | Unknown
1 | 10.1.10.2 | 60,727 | 1,291.65 | 18 | 1 | 0 | 0 | 0 | 0 | 0

Firewall: 10.1.10.2

Anomaly report

Based on the analysis of 0 historical records, this set of data appears to be within the normal values.

Note that the anomaly prediction only describes how common the current statistics are when compared with the results of previous analyses; it does not examine individual events. With 0 historical records there is no baseline to compare against, so the verdict above is the default outcome of a first run for this profile, not evidence that the day was normal. Specific issues that are not part of the statistical comparison (such as the denials and the warning listed below) can still indicate a problem.

Message types

No | Code | Message sample | Count
(the report lists no message types)

10.1.10.2 - Traffic and denials per hour

Hour | Traffic (MB) | % | Connections | % | Denials | % | Flag
00-01 | 0.00 | 0.04 | 699 | 1.15 | 0 | 0.00
01-02 | 6.00 | 0.50 | 456 | 0.75 | 0 | 0.00
02-03 | 8.00 | 0.63 | 596 | 0.98 | 0 | 0.00
03-04 | 19.00 | 1.49 | 749 | 1.23 | 0 | 0.00
04-05 | 7.00 | 0.59 | 880 | 1.45 | 0 | 0.00
05-06 | 1.00 | 0.14 | 581 | 0.96 | 0 | 0.00
06-07 | 2.00 | 0.18 | 549 | 0.90 | 0 | 0.00
07-08 | 4.00 | 0.32 | 655 | 1.08 | 0 | 0.00
08-09 | 94.00 | 7.30 | 5,527 | 9.10 | 0 | 0.00
09-10 | 105.00 | 8.16 | 5,449 | 8.97 | 0 | 0.00
10-11 | 181.00 | 14.07 | 6,489 | 10.68 | 8 | 44.44 | !!!
11-12 | 128.00 | 9.95 | 6,072 | 10.00 | 1 | 5.56
12-13 | 190.00 | 14.72 | 4,032 | 6.64 | 0 | 0.00
13-14 | 98.00 | 7.61 | 4,987 | 8.21 | 0 | 0.00
14-15 | 103.00 | 8.00 | 4,544 | 7.48 | 0 | 0.00
15-16 | 82.00 | 6.42 | 4,389 | 7.23 | 8 | 44.44 | !!!
16-17 | 91.00 | 7.10 | 4,474 | 7.37 | 1 | 5.56
17-18 | 108.00 | 8.43 | 4,521 | 7.44 | 0 | 0.00
18-19 | 29.00 | 2.28 | 1,720 | 2.83 | 0 | 0.00
19-20 | 11.00 | 0.89 | 948 | 1.56 | 0 | 0.00
20-21 | 3.00 | 0.29 | 534 | 0.88 | 0 | 0.00
21-22 | 4.00 | 0.32 | 803 | 1.32 | 0 | 0.00
22-23 | 3.00 | 0.30 | 509 | 0.84 | 0 | 0.00
23-24 | 3.00 | 0.29 | 582 | 0.96 | 0 | 0.00

Two things to keep in mind when reading this table. The hourly connection counts sum to 60,745, which is 18 more than the 60,727 connections in the firewall summary and equal to the number of denials, so the hourly figures appear to count denied attempts as connections. And the hourly split of the 18 denials (8 in 10-11, 1 in 11-12, 8 in 15-16, 1 in 16-17) cannot be checked against the denial tables below, whose "First denial" column and comments carry only the first timestamp of each group (16 Java applet denials "recorded on 10:48:16 AM"); consult the raw log for the individual timestamps before reading anything into the two flagged hours.

10.1.10.2 - Interfaces

No | Interface | Connections | MB | % | Denials | Warnings | ACLs | IDS
1 | Not specified | 60,727 | 1,291.65 | 100.00 | 18 | 1 | 0 | 0
Total | | 60,727 | 1,291.65 | | 18 | 1 | 0 | 0

Firewall: 10.1.10.2 - Interface: Not specified

Top 50 sources out of 64 unique sources

No | Source | Bytes | % | Comment
1 | 10.1.1.19 | 288,917,789 | 21.33
2 | 10.1.100.138 | 152,284,845 | 11.24
3 | 10.1.100.159 | 82,145,840 | 6.07
4 | 10.1.100.143 | 55,841,106 | 4.12
5 | 10.1.100.144 | 52,618,012 | 3.88
6 | 10.1.100.118 | 51,867,544 | 3.83
7 | 10.1.100.149 | 51,274,997 | 3.79 | 1 denial recorded on 11/13/2006 4:32:48 PM
8 | 10.1.100.103 | 47,923,769 | 3.54
9 | 10.1.90.101 | 44,240,548 | 3.27
10 | 10.1.100.142 | 39,627,745 | 2.93
11 | 10.1.100.120 | 36,235,027 | 2.68
12 | 10.1.100.129 | 34,758,796 | 2.57
13 | 10.1.100.157 | 33,634,145 | 2.48
14 | 10.1.100.145 | 33,562,053 | 2.48
15 | 10.1.100.162 | 29,648,729 | 2.19
16 | 10.1.1.87 | 27,501,958 | 2.03
17 | 10.1.100.134 | 27,394,906 | 2.02
18 | 10.1.100.109 | 27,296,532 | 2.02
19 | 10.1.100.158 | 26,931,309 | 1.99
20 | 10.1.100.113 | 23,350,751 | 1.72
21 | 10.1.1.8 | 14,994,480 | 1.11
22 | 10.1.100.104 | 14,796,711 | 1.09
23 | 10.1.100.106 | 13,784,565 | 1.02
24 | 10.1.100.148 | 11,777,467 | 0.87
25 | 10.1.100.121 | 11,396,219 | 0.84
26 | 10.1.100.139 | 10,811,909 | 0.80
27 | 10.1.100.107 | 10,020,412 | 0.74
28 | 10.1.100.147 | 9,081,827 | 0.67
29 | 10.1.100.115 | 7,366,810 | 0.54
30 | 10.1.100.100 | 7,237,441 | 0.53
31 | 10.1.90.108 | 7,032,501 | 0.52
32 | 10.1.100.140 | 5,359,797 | 0.40
33 | 10.1.1.175 | 5,140,566 | 0.38
34 | 10.1.100.101 | 4,763,720 | 0.35
35 | 10.1.100.132 | 4,590,304 | 0.34
36 | 10.1.1.59 | 4,450,807 | 0.33
37 | 10.1.100.122 | 4,264,058 | 0.31
38 | 10.1.100.131 | 4,135,994 | 0.31
39 | 10.1.100.151 | 3,871,415 | 0.29
40 | 10.1.100.135 | 3,784,080 | 0.28
41 | 10.1.100.155 | 3,226,653 | 0.24
42 | 10.1.100.114 | 2,880,142 | 0.21
43 | 10.1.90.107 | 2,876,478 | 0.21
44 | 10.1.100.141 | 2,621,271 | 0.19
45 | 10.1.1.88 | 2,605,784 | 0.19
46 | 10.1.100.123 | 2,537,205 | 0.19
47 | 10.1.90.100 | 2,402,453 | 0.18
48 | 10.1.90.104 | 1,962,477 | 0.14
49 | 10.1.1.69 | 1,826,769 | 0.13
50 | 10.1.90.106 | 1,552,510 | 0.11



Top 50 destinations out of 2527 unique destinations

No | Destination | Bytes | % | Comment
1 | 64.18.6.12 | 277,143,376 | 20.46
2 | 216.183.239.101 | 57,584,026 | 4.25
3 | 199.81.204.50 | 38,929,209 | 2.87
4 | 208.108.152.49 | 32,861,137 | 2.43
5 | 66.184.207.181 | 30,694,244 | 2.27
6 | 12.120.17.110 | 26,379,971 | 1.95
7 | 12.120.109.110 | 25,176,381 | 1.86
8 | 212.135.151.176 | 17,172,329 | 1.27
9 | 205.177.95.27 | 15,452,719 | 1.14
10 | 66.77.9.202 | 13,438,696 | 0.99
11 | 199.181.132.244 | 12,136,932 | 0.90
12 | 65.203.233.134 | 11,443,634 | 0.84
13 | 12.120.33.110 | 11,370,063 | 0.84
14 | 64.215.170.191 | 11,260,335 | 0.83
15 | 64.86.95.72 | 11,048,200 | 0.82
16 | 216.136.156.87 | 10,930,500 | 0.81
17 | 72.246.74.32 | 9,923,821 | 0.73
18 | 68.142.122.87 | 9,730,374 | 0.72
19 | 200.94.128.85 | 8,611,108 | 0.64
20 | 64.147.181.34 | 8,236,189 | 0.61
21 | 206.192.32.96 | 8,148,161 | 0.60
22 | 66.150.243.20 | 7,861,331 | 0.58
23 | 170.128.168.15 | 7,829,702 | 0.58
24 | 69.46.29.2 | 7,734,342 | 0.57
25 | 64.12.136.89 | 7,269,829 | 0.54
26 | 64.86.95.24 | 6,995,900 | 0.52
27 | 64.215.170.184 | 6,649,111 | 0.49
28 | 64.86.95.16 | 5,925,016 | 0.44
29 | 66.235.199.189 | 5,853,423 | 0.43
30 | 64.86.95.82 | 5,647,963 | 0.42
31 | 206.166.192.108 | 5,525,725 | 0.41
32 | 199.181.132.141 | 5,437,036 | 0.40
33 | 63.99.250.195 | 5,359,472 | 0.40
34 | 216.239.114.237 | 4,996,862 | 0.37
35 | 64.128.102.221 | 4,913,906 | 0.36
36 | 206.192.32.90 | 4,712,190 | 0.35
37 | 204.117.214.10 | 4,705,781 | 0.35
38 | 66.33.52.40 | 4,603,137 | 0.34
39 | 66.77.9.201 | 4,511,893 | 0.33
40 | 64.236.22.106 | 4,473,142 | 0.33
41 | 64.157.128.157 | 4,440,602 | 0.33
42 | 64.86.95.8 | 4,379,198 | 0.32
43 | 66.77.9.211 | 4,300,882 | 0.32
44 | 198.151.61.100 | 4,297,703 | 0.32
45 | 66.77.9.209 | 4,177,943 | 0.31
46 | 64.12.88.90 | 3,939,365 | 0.29
47 | 216.52.152.238 | 3,833,540 | 0.28
48 | 64.215.170.185 | 3,809,830 | 0.28
49 | 66.213.126.166 | 3,808,878 | 0.28
50 | 128.121.21.89 | 3,763,239 | 0.28




Top 50 sources, protocols and bytes

No | Source | Protocol | Connections | Bytes | % | Comment
1 | 10.1.1.19 | SMTP/25 | 7,459 | 277,143,376 | 20.46
2 | 10.1.100.138 | HTTP/80 | 3,643 | 137,081,967 | 10.12
3 | 10.1.100.159 | RTSP/554 | 2 | 57,584,026 | 4.25
4 | 10.1.100.144 | HTTP/80 | 309 | 52,499,729 | 3.88
5 | 10.1.100.149 | HTTP/80 | 2,128 | 49,297,451 | 3.64 | 1 denial recorded on 11/13/2006 4:32:48 PM
6 | 10.1.100.143 | HTTP/80 | 1,755 | 47,831,323 | 3.53
7 | 10.1.100.103 | HTTP/80 | 2,945 | 44,871,253 | 3.31
8 | 10.1.90.101 | TCP/443 - ssl-https | 240 | 41,659,681 | 3.08
9 | 10.1.100.142 | HTTP/80 | 1,603 | 38,723,814 | 2.86
10 | 10.1.100.120 | HTTP/80 | 1,430 | 33,239,075 | 2.45
11 | 10.1.100.118 | HTTP/80 | 1,895 | 32,925,124 | 2.43
12 | 10.1.100.157 | HTTP/80 | 1,780 | 32,123,563 | 2.37
13 | 10.1.100.129 | HTTP/80 | 327 | 29,564,152 | 2.18
14 | 10.1.100.145 | HTTP/80 | 1,815 | 27,619,638 | 2.04
15 | 10.1.100.134 | HTTP/80 | 2,012 | 26,959,524 | 1.99
16 | 10.1.100.162 | HTTP/80 | 741 | 26,092,455 | 1.93
17 | 10.1.100.158 | HTTP/80 | 1,449 | 24,786,705 | 1.83
18 | 10.1.100.113 | HTTP/80 | 1,927 | 22,851,128 | 1.69
19 | 10.1.1.87 | TCP/443 - ssl-https | 52 | 22,442,390 | 1.66
20 | 10.1.100.159 | HTTP/80 | 1,403 | 22,090,483 | 1.63
21 | 10.1.100.109 | HTTP/80 | 591 | 16,899,429 | 1.25
22 | 10.1.100.118 | RTSP/554 | 1 | 15,452,719 | 1.14
23 | 10.1.100.138 | TCP/443 - ssl-https | 127 | 15,202,878 | 1.12
24 | 10.1.100.104 | HTTP/80 | 805 | 13,741,086 | 1.01
25 | 10.1.100.106 | HTTP/80 | 969 | 13,610,347 | 1.00
26 | 10.1.1.19 | HTTP/80 | 23 | 11,773,941 | 0.87
27 | 10.1.100.121 | HTTP/80 | 1,281 | 11,080,220 | 0.82
28 | 10.1.100.109 | TCP/443 - ssl-https | 91 | 10,373,387 | 0.77
29 | 10.1.100.147 | HTTP/80 | 655 | 8,746,159 | 0.65
30 | 10.1.100.148 | HTTP/80 | 781 | 8,650,968 | 0.64
31 | 10.1.100.107 | HTTP/80 | 189 | 8,509,699 | 0.63
32 | 10.1.100.143 | TCP/8080 - http proxy | 3 | 7,734,342 | 0.57
33 | 10.1.100.100 | HTTP/80 | 181 | 6,694,855 | 0.49
34 | 10.1.100.139 | HTTP/80 | 299 | 6,369,511 | 0.47
35 | 10.1.100.115 | HTTP/80 | 565 | 5,865,582 | 0.43
36 | 10.1.100.145 | TCP/1935 | 4 | 5,434,560 | 0.40
37 | 10.1.100.129 | TCP/443 - ssl-https | 50 | 5,194,644 | 0.38
38 | 10.1.100.140 | HTTP/80 | 369 | 4,854,740 | 0.36
39 | 10.1.100.101 | HTTP/80 | 227 | 4,656,577 | 0.34
40 | 10.1.90.108 | HTTP/80 | 349 | 4,470,514 | 0.33
41 | 10.1.100.139 | NETSHOW/1755 | 1 | 4,440,602 | 0.33
42 | 10.1.1.59 | UDP/53 - dns | 4,783 | 4,348,882 | 0.32
43 | 10.1.1.87 | HTTP/80 | 328 | 4,248,251 | 0.31
44 | 10.1.100.132 | HTTP/80 | 377 | 3,914,467 | 0.29
45 | 10.1.100.122 | HTTP/80 | 976 | 3,701,518 | 0.27
46 | 10.1.100.151 | HTTP/80 | 181 | 3,575,828 | 0.26
47 | 10.1.100.162 | TCP/443 - ssl-https | 31 | 3,490,904 | 0.26
48 | 10.1.100.118 | TCP/443 - ssl-https | 224 | 3,487,484 | 0.26
49 | 10.1.100.148 | TCP/443 - ssl-https | 255 | 3,126,499 | 0.23
50 | 10.1.100.155 | HTTP/80 | 344 | 3,091,824 | 0.23

Top 50 sources, destinations, protocols and bytes

No | Source | Destination | Protocol | Connections | Bytes | % | Comment
1 | 10.1.1.19 | 64.18.6.12 | SMTP/25 | 7,459 | 277,143,376 | 20.46
2 | 10.1.100.159 | 216.183.239.101 | RTSP/554 | 2 | 57,584,026 | 4.25
3 | 10.1.90.101 | 199.81.204.50 | TCP/443 - ssl-https | 73 | 38,608,885 | 2.85
4 | 10.1.100.138 | 208.108.152.49 | HTTP/80 | 82 | 32,861,137 | 2.43
5 | 10.1.100.144 | 66.184.207.181 | HTTP/80 | 3 | 30,694,244 | 2.27
6 | 10.1.100.138 | 12.120.17.110 | HTTP/80 | 6 | 25,150,498 | 1.86
7 | 10.1.100.129 | 12.120.109.110 | HTTP/80 | 4 | 23,080,191 | 1.70
8 | 10.1.100.118 | 205.177.95.27 | RTSP/554 | 1 | 15,452,719 | 1.14
9 | 10.1.100.138 | 212.135.151.176 | TCP/443 - ssl-https | 30 | 12,969,122 | 0.96
10 | 10.1.1.19 | 66.77.9.202 | HTTP/80 | 1 | 11,572,174 | 0.85
11 | 10.1.1.87 | 65.203.233.134 | TCP/443 - ssl-https | 2 | 11,443,634 | 0.84
12 | 10.1.1.87 | 216.136.156.87 | TCP/443 - ssl-https | 29 | 10,930,500 | 0.81
13 | 10.1.100.144 | 68.142.122.87 | HTTP/80 | 1 | 9,730,374 | 0.72
14 | 10.1.100.149 | 72.246.74.32 | HTTP/80 | 60 | 9,680,851 | 0.71 | 1 denial recorded on 11/13/2006 4:32:48 PM
15 | 10.1.100.118 | 200.94.128.85 | HTTP/80 | 66 | 8,611,108 | 0.64
16 | 10.1.100.144 | 64.147.181.34 | HTTP/80 | 13 | 8,236,189 | 0.61
17 | 10.1.100.109 | 206.192.32.96 | HTTP/80 | 17 | 8,148,161 | 0.60
18 | 10.1.100.149 | 12.120.33.110 | HTTP/80 | 2 | 8,047,208 | 0.59
19 | 10.1.100.143 | 69.46.29.2 | TCP/8080 - http proxy | 3 | 7,734,342 | 0.57
20 | 10.1.100.162 | 64.215.170.191 | HTTP/80 | 1 | 7,477,813 | 0.55
21 | 10.1.100.134 | 64.12.136.89 | HTTP/80 | 80 | 7,269,829 | 0.54
22 | 10.1.100.109 | 64.86.95.72 | TCP/443 - ssl-https | 7 | 6,066,524 | 0.45
23 | 10.1.100.138 | 66.235.199.189 | HTTP/80 | 139 | 5,853,423 | 0.43
24 | 10.1.100.157 | 206.166.192.108 | HTTP/80 | 42 | 5,525,725 | 0.41
25 | 10.1.100.103 | 63.99.250.195 | HTTP/80 | 67 | 5,359,472 | 0.40
26 | 10.1.100.107 | 64.128.102.221 | HTTP/80 | 20 | 4,913,906 | 0.36
27 | 10.1.100.138 | 66.150.243.20 | HTTP/80 | 474 | 4,805,898 | 0.35
28 | 10.1.100.109 | 206.192.32.90 | HTTP/80 | 12 | 4,712,190 | 0.35
29 | 10.1.100.129 | 170.128.168.15 | TCP/443 - ssl-https | 23 | 4,641,890 | 0.34
30 | 10.1.100.149 | 66.33.52.40 | HTTP/80 | 20 | 4,603,137 | 0.34
31 | 10.1.100.139 | 64.157.128.157 | NETSHOW/1755 | 1 | 4,440,602 | 0.33
32 | 10.1.100.103 | 198.151.61.100 | HTTP/80 | 72 | 4,294,004 | 0.32
33 | 10.1.100.134 | 64.12.88.90 | HTTP/80 | 204 | 3,939,365 | 0.29
34 | 10.1.100.149 | 216.52.152.238 | HTTP/80 | 18 | 3,833,540 | 0.28
35 | 10.1.100.157 | 128.121.21.89 | HTTP/80 | 4 | 3,763,239 | 0.28
36 | 10.1.100.147 | 208.65.155.222 | HTTP/80 | 1 | 3,680,348 | 0.27
37 | 10.1.100.103 | 66.213.126.166 | HTTP/80 | 499 | 3,601,966 | 0.27
38 | 10.1.1.59 | 204.117.214.10 | UDP/53 - dns | 3,344 | 3,545,322 | 0.26
39 | 10.1.100.145 | 216.239.122.220 | HTTP/80 | 15 | 3,393,772 | 0.25
40 | 10.1.100.109 | 170.128.168.15 | TCP/443 - ssl-https | 13 | 3,187,812 | 0.24
41 | 10.1.100.143 | 199.181.132.244 | HTTP/80 | 60 | 3,122,388 | 0.23
42 | 10.1.100.113 | 64.86.95.8 | HTTP/80 | 9 | 3,036,094 | 0.22
43 | 10.1.100.159 | 68.142.213.135 | HTTP/80 | 15 | 2,993,575 | 0.22
44 | 10.1.100.134 | 12.144.36.179 | HTTP/80 | 134 | 2,850,558 | 0.21
45 | 10.1.100.100 | 207.230.154.254 | HTTP/80 | 2 | 2,818,452 | 0.21
46 | 10.1.100.143 | 64.236.22.107 | HTTP/80 | 188 | 2,759,103 | 0.20
47 | 10.1.1.175 | 198.135.110.181 | TCP/443 - ssl-https | 96 | 2,735,418 | 0.20
48 | 10.1.100.162 | 212.135.151.176 | TCP/443 - ssl-https | 7 | 2,670,865 | 0.20
49 | 10.1.100.138 | 68.152.44.17 | HTTP/80 | 34 | 2,618,489 | 0.19
50 | 10.1.100.145 | 209.133.111.145 | TCP/1935 | 1 | 2,559,285 | 0.19

Top 50 protocols

No | Protocol | Connections | Bytes | % | Comment
1 | HTTP/80 | 39,308 | 816,457,389 | 60.28
2 | SMTP/25 | 7,459 | 277,143,376 | 20.46
3 | TCP/443 - ssl-https | 3,394 | 138,301,274 | 10.21
4 | RTSP/554 | 7 | 74,527,150 | 5.50
5 | TCP/1935 | 13 | 8,737,910 | 0.65
6 | TCP/8080 - http proxy | 61 | 7,789,618 | 0.58
7 | UDP/53 - dns | 7,297 | 6,146,904 | 0.45
8 | NETSHOW/1755 | 1 | 4,440,602 | 0.33
9 | TCP/8200 | 47 | 1,110,490 | 0.08
10 | TCP/8801 | 39 | 811,317 | 0.06 | port/connection split is ambiguous in the flattened source (TCP/880 with 139 connections also fits)
11 | TCP/1863 - msn messenger | 49 | 675,096 | 0.05
12 | FTP-DATA/1188 | 1 | 547,247 | 0.04
13 | FTP-DATA/1187 | 1 | 482,646 | 0.04
14 | TCP/24371 | 1 | 416,017 | 0.03
15 | TCP/22919 | 1 | 415,906 | 0.03
16 | TCP/22813 | 1 | 415,903 | 0.03
17 | TCP/4543 | 1 | 415,903 | 0.03
18 | TCP/18584 | 1 | 415,903 | 0.03
19 | TCP/26943 | 1 | 415,903 | 0.03
20 | TCP/46001 | 1 | 415,883 | 0.03
21 | TCP/18278 | 1 | 415,883 | 0.03
22 | TCP/50974 | 1 | 415,883 | 0.03
23 | TCP/4774 | 1 | 415,883 | 0.03
24 | TCP/3565 | 1 | 415,883 | 0.03
25 | TCP/20800 | 1 | 415,883 | 0.03
26 | TCP/54647 | 1 | 415,883 | 0.03
27 | TCP/11425 | 1 | 415,883 | 0.03
28 | TCP/17403 | 1 | 415,883 | 0.03
29 | TCP/21611 | 1 | 415,883 | 0.03
30 | TCP/25589 | 1 | 415,883 | 0.03
31 | TCP/22725 | 1 | 415,883 | 0.03
32 | TCP/38458 | 1 | 415,883 | 0.03
33 | TCP/39219 | 1 | 415,883 | 0.03
34 | TCP/39686 | 1 | 415,883 | 0.03
35 | TCP/23496 | 1 | 415,883 | 0.03
36 | TCP/27772 | 1 | 415,883 | 0.03
37 | TCP/28668 | 1 | 415,883 | 0.03
38 | TCP/46142 | 1 | 415,883 | 0.03
39 | TCP/17857 | 1 | 415,882 | 0.03
40 | TCP/51940 | 1 | 414,943 | 0.03
41 | TCP/14930 | 1 | 414,943 | 0.03
42 | TCP/21171 | 1 | 414,943 | 0.03
43 | TCP/56458 | 1 | 414,943 | 0.03
44 | TCP/26679 | 1 | 414,943 | 0.03
45 | TCP/26833 | 1 | 414,943 | 0.03
46 | TCP/41796 | 1 | 414,938 | 0.03
47 | TCP/54286 | 1 | 414,937 | 0.03
48 | TCP/46598 | 1 | 414,600 | 0.03
49 | TCP/1212 | 1 | 414,600 | 0.03
50 | TCP/3300 | 34 | 399,904 | 0.03



Top 50 denied sources

No | Source | Connections | First denial | % | Comment
1 | 209.157.71.50 | 16 | 11/13/2006 10:48:16 AM | 88.89 | 16 denials recorded on 11/13/2006 10:48:16 AM
2 | 10.1.10.2 | 1 | 11/13/2006 11:15:35 AM | 5.56 | 1 denial recorded on 11/13/2006 11:15:35 AM
3 | 10.1.100.149 | 1 | 11/13/2006 4:32:48 PM | 5.56 | 1 denial recorded on 11/13/2006 4:32:48 PM

Top 50 destinations for denied connections

No | Destination | Connections | First denial | % | Comment
1 | 80 (as rendered by the report; no destination address is given for the Java applet denials) | 16 | 11/13/2006 10:48:16 AM | 88.89
2 | 66.193.23.113 | 1 | 11/13/2006 11:15:35 AM | 5.56
3 | 70.96.241.242 | 1 | 11/13/2006 4:32:48 PM | 5.56

Top 50 denied protocols

No | Denied protocol | Connections | First denial | % | Comment
1 | TCP/80 - http | 17 | 11/13/2006 10:48:16 AM | 94.44
2 | TCP | 1 | 11/13/2006 11:15:35 AM | 5.56



Top 50 denial reasons

No | Denial reason | Connections | First denial | % | Comment
1 | Java applet blocked | 16 | 11/13/2006 10:48:16 AM | 88.89
2 | TCP half-open count 50 exceeded | 1 | 11/13/2006 11:15:35 AM | 5.56
3 | Invalid Window Scale option - Initiator scale 0 Responder scale 0 | 1 | 11/13/2006 4:32:48 PM | 5.56



Top 50 denied sources, destinations, protocols and reasons

No | Source | Destination | Protocol | Reason | Connections | First denial | % | Comment
1 | 209.157.71.50 | 80 | TCP/80 - http | Java applet blocked | 16 | 11/13/2006 10:48:16 AM | 88.89 | 16 denials recorded on 11/13/2006 10:48:16 AM
2 | 10.1.10.2 | 66.193.23.113 | TCP | TCP half-open count 50 exceeded | 1 | 11/13/2006 11:15:35 AM | 5.56 | 1 denial recorded on 11/13/2006 11:15:35 AM
3 | 10.1.100.149 | 70.96.241.242 | TCP/80 - http | Invalid Window Scale option - Initiator scale 0 Responder scale 0 | 1 | 11/13/2006 4:32:48 PM | 5.56 | 1 denial recorded on 11/13/2006 4:32:48 PM

Top 50 denied protocols and reasons

No | Protocol | Reason | Denials | % | Comment
1 | TCP/80 - http | Java applet blocked | 16 | 88.89
2 | TCP | TCP half-open count 50 exceeded | 1 | 5.56
3 | TCP/80 - http | Invalid Window Scale option - Initiator scale 0 Responder scale 0 | 1 | 5.56

Top 50 warning messages

No | Source | Destination | Protocol | Warning | Count | First warning | % | Comment
1 | 66.193.23.113 | 10.1.10.2 | TCP | Max tcp half-open connections (50) exceeded | 1 | 11/13/2006 11:15:34 AM | 100.00 | 1 denial recorded on 11/13/2006 11:15:35 AM
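The warning above (half-open limit of 50 reached for 66.193.23.113 at 11:15:34) and the denial logged one second later with the router 10.1.10.2 as its "source" are two halves of one IOS Firewall event: first the alert that a host's half-open TCP count crossed the threshold, then the block of new TCP connections to that host. The following added example (not Firegen's code and not taken from the analysed log) parses constructed syslog lines in the documented shape of those messages, tallies denial reasons the way this report's "Denial reasons" table does, and pairs alert, block and unblock per host. The Cisco mnemonics are assumed to be what the router emitted; the internal client address and ports, the two-minute block time, the SYS-5-CONFIG_I filler line and the year are made up.

```python
"""Pair Cisco IOS Firewall half-open alerts with the host blocks that follow them.

Added example, not Firegen or Cisco code.  SAMPLE_LOG is constructed: message
texts follow the documented IOS Firewall formats for FW-4-HOST_TCP_ALERT_ON,
FW-2-BLOCK_HOST, FW-4-UNBLOCK_HOST and FW-3-HTTP_JAVA_BLOCK (assumed to be what
the analysed router emitted); the external addresses and times come from this
report's warning and denial rows; the internal client address, client ports,
the 2-minute block time and the year are made up.
"""
import re
from collections import Counter
from datetime import datetime, timedelta

YEAR = 2006  # assumed: the syslog prefix "Nov 13 11:15:34" carries no year

SAMPLE_LOG = """\
Nov 13 10:48:16: %FW-3-HTTP_JAVA_BLOCK: JAVA applet is blocked from (209.157.71.50:80) to (10.1.100.118:3102).
Nov 13 10:48:16: %FW-3-HTTP_JAVA_BLOCK: JAVA applet is blocked from (209.157.71.50:80) to (10.1.100.118:3103).
Nov 13 11:15:34: %FW-4-HOST_TCP_ALERT_ON: Max tcp half-open connections (50) exceeded for host 66.193.23.113.
Nov 13 11:15:35: %FW-2-BLOCK_HOST: Blocking new TCP connections to host 66.193.23.113 for 2 minutes (half-open count 50 exceeded).
Nov 13 11:16:02: %SYS-5-CONFIG_I: Configured from console by console
Nov 13 11:17:35: %FW-4-UNBLOCK_HOST: New TCP connections to host 66.193.23.113 no longer blocked
"""

# "<Mon> <day> <hh:mm:ss>[.msec]: %FACILITY-SEV-MNEMONIC: text"; a leading '*' marks an unsynced clock
LINE_RE = re.compile(
    r"^\*?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})(?:\.\d+)?:?\s+"
    r"%(?P<mnemonic>[A-Z]+-\d-[A-Z_]+):\s+(?P<text>.*)$"
)
HOST_RE = re.compile(r"\bhost (\d{1,3}(?:\.\d{1,3}){3})")
BLOCK_RE = re.compile(r"for (\d+) minutes \(half-open count (\d+) exceeded\)")


def parse_line(line):
    """Return {'ts', 'mnemonic', 'text'} for an IOS-shaped syslog line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the padding in "Nov  3 ..."
    return {"ts": datetime.strptime(f"{YEAR} {stamp}", "%Y %b %d %H:%M:%S"),
            "mnemonic": m["mnemonic"], "text": m["text"]}


def events(log):
    """All parseable lines, in time order."""
    return sorted((e for e in map(parse_line, log.splitlines()) if e), key=lambda e: e["ts"])


def denial_reasons(log):
    """Count denials by reason, worded like the report's 'Denial reasons' table."""
    reasons = Counter()
    for e in events(log):
        if e["mnemonic"] == "FW-3-HTTP_JAVA_BLOCK":
            reasons["Java applet blocked"] += 1
        elif e["mnemonic"] == "FW-2-BLOCK_HOST":
            bm = BLOCK_RE.search(e["text"])
            reasons[f"TCP half-open count {bm[2] if bm else '?'} exceeded"] += 1
    return reasons


def correlate_half_open_blocks(log, window=timedelta(seconds=60)):
    """One record per BLOCK_HOST: the ALERT_ON that preceded it (within `window`)
    and the UNBLOCK_HOST that ended it.  Records are keyed on the host named in
    the message, i.e. the target the router stops accepting new TCP sessions to,
    not on the router that logged the block."""
    last_alert = {}  # host -> timestamp of its latest ALERT_ON
    blocks = []
    for e in events(log):
        hm = HOST_RE.search(e["text"])
        if not hm:
            continue
        host = hm[1]
        if e["mnemonic"] == "FW-4-HOST_TCP_ALERT_ON":
            last_alert[host] = e["ts"]
        elif e["mnemonic"] == "FW-2-BLOCK_HOST":
            bm = BLOCK_RE.search(e["text"])
            alert_ts = last_alert.get(host)
            blocks.append({
                "host": host, "block_ts": e["ts"], "alert_ts": alert_ts,
                "block_minutes": int(bm[1]) if bm else None,
                "half_open_threshold": int(bm[2]) if bm else None,
                "preceded_by_alert": alert_ts is not None and e["ts"] - alert_ts <= window,
                "unblock_ts": None,
            })
        elif e["mnemonic"] == "FW-4-UNBLOCK_HOST":
            for b in reversed(blocks):  # close the most recent open block for this host
                if b["host"] == host and b["unblock_ts"] is None:
                    b["unblock_ts"] = e["ts"]
                    break
    return blocks


if __name__ == "__main__":
    print(denial_reasons(SAMPLE_LOG))
    for b in correlate_half_open_blocks(SAMPLE_LOG):
        print(b)
```

The record is keyed on the blocked host, not on the router. When a denied-source table names the firewall itself, as this report's does for 10.1.10.2, that is the device reporting its own enforcement action; the questions to answer from the raw log are which hosts were opening the half-open sessions to 66.193.23.113, and whether that host was simply not answering SYNs or was being probed.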

Analysis details

Analysis start time | 1/2/2018 3:54:12 PM
Analysis duration | 0.13 minutes (7 seconds)
Analysis engine version | Cisco IOS log parser version: 0.02; FireGen40Service.exe - FireGen scheduler service: 4.2.1.0
Filtering criteria | All entries
Excluded keywords | None

Glossary

!!! | Indicates that a high denials:connections ratio has been detected for that hour. The configured ratio is 3: the !!! marker is set when the hour's percentage of the day's denials is more than 3 times its percentage of the day's connections. This points to unusual denial activity that may need to be investigated. The ratio can be configured on the Report Formats interface. Because both figures are shares of the daily totals, a day with few denials (18 here) lets a single denial in a quiet hour exceed the ratio, so treat the marker as a prompt to read the denial tables rather than as an alert in itself.

Other messages | A list of messages not yet configured in the Firegen parser. Please send these messages to support@firegen.com and they will be added in the next Firegen update. They are included in the list of message types but are not yet fully understood by the analyzer.
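As an added example (not part of Firegen), the !!! rule above recomputed from this report's own hourly figures, together with a check of how little it takes to trip the rule on a day with only 18 denials. The hour, connection and denial values are the ones printed in the hourly table; the function names and the 3.0 ratio default are assumptions taken from the glossary wording.

```python
"""Recompute the report's hourly '!!!' denial-ratio flag and show its sensitivity.

Added example, not Firegen code.  The (hour, connections, denials) triples are
the figures from this report's "Traffic and denials per hour" table; the
percentages are recomputed from those counts rather than read off the page.
"""

RATIO = 3.0  # the report's configured denials:connections ratio

# (hour, connections, denials) as printed in the hourly table of this report
HOURLY = [
    ("00-01", 699, 0), ("01-02", 456, 0), ("02-03", 596, 0), ("03-04", 749, 0),
    ("04-05", 880, 0), ("05-06", 581, 0), ("06-07", 549, 0), ("07-08", 655, 0),
    ("08-09", 5527, 0), ("09-10", 5449, 0), ("10-11", 6489, 8), ("11-12", 6072, 1),
    ("12-13", 4032, 0), ("13-14", 4987, 0), ("14-15", 4544, 0), ("15-16", 4389, 8),
    ("16-17", 4474, 1), ("17-18", 4521, 0), ("18-19", 1720, 0), ("19-20", 948, 0),
    ("20-21", 534, 0), ("21-22", 803, 0), ("22-23", 509, 0), ("23-24", 582, 0),
]


def hourly_shares(rows):
    """Map hour -> (connection share %, denial share %) of the day's totals."""
    total_conn = sum(c for _, c, _ in rows)
    total_den = sum(d for _, _, d in rows)
    shares = {}
    for hour, conn, den in rows:
        conn_pct = 100.0 * conn / total_conn if total_conn else 0.0
        den_pct = 100.0 * den / total_den if total_den else 0.0
        shares[hour] = (conn_pct, den_pct)
    return shares


def flagged_hours(rows, ratio=RATIO):
    """Hours the glossary rule marks '!!!': denial share > ratio x connection share."""
    return [h for h, (conn_pct, den_pct) in hourly_shares(rows).items()
            if den_pct > ratio * conn_pct]


def single_denial_threshold(total_denials, ratio=RATIO):
    """Connection share (%) below which ONE denial is already enough to trip the flag.

    One denial is 100/total_denials percent of all denials; it exceeds
    ratio * conn_pct whenever conn_pct < 100 / (ratio * total_denials).
    """
    return 100.0 / (ratio * total_denials)


def hours_trippable_by_one_denial(rows, ratio=RATIO):
    """Hours quiet enough that a single denial would be flagged, given the day's totals."""
    total_den = sum(d for _, _, d in rows)
    threshold = single_denial_threshold(total_den, ratio)
    return [h for h, (conn_pct, _) in hourly_shares(rows).items() if conn_pct < threshold]


if __name__ == "__main__":
    print("flagged:", flagged_hours(HOURLY))
    print("one denial would suffice in:", hours_trippable_by_one_denial(HOURLY))
```

With this report's totals a single denial in any hour carrying less than about 1.85% of the day's connections (13 of the 24 hours) would earn the !!! marker, which is why the two flagged hours deserve a look at the denial tables rather than an alarm on their own.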