Community:Firewall Reports

From Splunk Wiki

(Redirected from Apps:Firewall Reports)
Jump to: navigation, search

The following is a list of commonly used firewall reports:

  • top sources blocked
  • top destinations blocked
  • top services blocked
  • top services accessed
  • top rules
  • open ports per firewall
  • open ports form
  • open ports by firewall - form
  • accessed services by rule number
  • search by service
  • search by source machine
  • search by destination machine
  • all traffic over time
    • split by transport protocol
    • split by port (UDP)
    • split by port (TCP)
    • split by destination machine
    • split by action

If you are dealing with large volumes of firewall data, make sure you understand how to use summary indexing for your firewall data.

Personal tools
Hot Wiki Topics

About Splunk >
  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk