Community:Firewall Reports

From Splunk Wiki

Jump to: navigation, search

The following is a list of commonly used firewall reports:

  • top sources blocked
  • top destinations blocked
  • top services blocked
  • top services accessed
  • top rules
  • open ports per firewall
  • open ports form
  • open ports by firewall - form
  • accessed services by rule number
  • search by service
  • search by source machine
  • search by destination machine
  • all traffic over time
    • split by transport protocol
    • split by port (UDP)
    • split by port (TCP)
    • split by destination machine
    • split by action



If you are dealing with large volumes of firewall data, make sure you understand how to use summary indexing for your firewall data.

Retrieved from "http://wiki.splunk.com/Community:Firewall_Reports"
Hot Wiki Topics


About Splunk >
  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk