I have been working on F1 2.x for a while, and I think that F1
is a very good product in terms of flexibility and functionality.
A few days ago I was asked a question by a customer of ours.
I am a very security-oriented guy while our customer's question is a
management/billing oriented one, that is why I am sending this
question to the list.
The question is as follows: What are F1's capabilities in terms
of log management and analysis? Basically, F1 can protect the
internal network by means of 1) packet filtering or 2) application
gateways. Is it possible to analyze packet filtering logs by means of
some application in order to produce extensive per-user bandwidth usage
reports? Is it possible to account each user's elapsed connection
time on, let us say, a nightly basis?
Browsing http://www.xpert.com/xacct/moreinfo.html I found out that
the Xacct product from Xpert Inc CAN effectively generate detailed
accounting reports for traffic and connection time. However, it is
said that:
The low-level networking layer is implemented as an
extension to CheckPoint FireWall-1's filtering module code.
^^^^^^^^^
[...]
and:
Information manipulation layer is implemented as a daemon
processes running in the background on the FireWall machine.
The daemon periodically downloads the kernel-space...
[...]
I am wondering what Xacct really does, and how it is achieved, TECHNICALLY.
Comments on Xacct, anyone?