User Count

I'm looking for a way to see how many unique IPs have been passing through the FW during a day. Is there anyone who can tell me how to get this? If I need to run a script that just mails me the total per day every day, that is fine with me; it is just that I do not have a clue how and where to start.

Running R80.10 ATM and no IA in use. We will soon be moving to R80.20 and IA will be enabled also, but this can take another 3-6 months.

Regards, Maarten

Accepted Solutions
Danny
Pearl

Re: User Count

I would check if it's possible to get that info from cpstat or cpinfo. If that's not of help I would probably just do a logrotate at midnight, dump the content to text, delete everything except the IPs, sort, uniq, wc -l and email the returned number to my inbox.

11 Replies

Re: User Count

According to sk10200: 'too many internal hosts' error in /var/log/messages on Security Gateway, the Security Gateway listens for any IP-based traffic on all interfaces except for the one deemed "external", which is decided by the user and listed in $FWDIR/conf/external.if file. Anytime a host is "heard" talking on a non-external interface, Security Gateway logs this information in $FWDIR/database/fwd.h file and in $FWDIR/database/fwd.hosts file on the Security Gateway.

0 Kudos

Re: User Count

Sorry Günther W. Albrecht, I checked but it seems that in an unlimited license environment these files do not exist.

Thanks https://community.checkpoint.com/people/917b8439-9d5c-34f0-b86a-f0e1b0a14cbd, we were able to use this and find the number. Now I just need to make sure we collect all the correct information, to make sure that when a logfile crosses the 2GB limit, we collect all information of each day.

But we are on the right path.

Regards, Maarten
Danny
Pearl

Re: User Count

I'm glad I could be of help.

Re: User Count

This is what we ended up doing:

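cd "$FWDIR/log"
# Export the day's log to semicolon-separated text (-n / -p: no name or port resolution)
fwm logexport -np -i 2019-01-17_000000.log -o 2019-01-17_000000.exp
# Accepted entries only, field 20 of the export, unique values, 10.x.x.x addresses only
grep accept 2019-01-17_000000.exp | cut -d ';' -f20 | sort | uniq | grep '^10\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' > ip-list

wc -l ip-list > count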

Regards, Maarten
0 Kudos
Danny
Pearl

Re: User Count

Thanks for posting the final solution.

0 Kudos

Re: User Count

Valid under the assumption that all firewall rules are logged.

Kind regards,
Jozko Mrkvicka
0 Kudos

Re: User Count

Polished it a bit and put it in a bash script with the added point that you can add the logfile name on the command line:

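#!/bin/bash
# Log file to export; defaults to fw.log when no name is given on the command line
LF=$1
if [ "$LF" == "" ]; then
    LF="fw.log"
fi
# Export the log, keep accepted entries, take field 20 of the export,
# de-duplicate, and keep only 10.x.x.x addresses
fwm logexport -np -i "$LF" | grep accept | cut -d ';' -f20 | sort | uniq | grep '^10\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' > IP-list
wc -l IP-list > count
echo
echo
echo "For logfile $LF the number of unique IPs is:"
cat count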

Regards, Maarten
0 Kudos
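
An added example, not code from this thread: the same count done with awk over already-exported files, locating the columns from each export's header line instead of a fixed field number, matching the action column exactly, and giving one total across several files (a day split over more than one log file). The header layout, the column names `src` and `action`, the function names and the sample rows are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): unique 10.x.x.x sources over several exports.
# Assumption: every export file begins with a header line naming its columns,
# including columns called "src" and "action".

count_unique_src() {
    awk -F';' '
        FNR == 1 {                       # per-file header: find columns by name
            src = act = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "src")    src = i
                if ($i == "action") act = i
            }
            if (!src || !act) {
                print "no src/action column in " FILENAME > "/dev/stderr"
                bad = 1; exit
            }
            next
        }
        # exact match on the action column, not a substring match on the line
        $act == "accept" && $src ~ /^10\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($src, o, ".")
            if (o[2]+0 <= 255 && o[3]+0 <= 255 && o[4]+0 <= 255) seen[$src] = 1
        }
        END {
            if (bad) exit 1
            n = 0
            for (ip in seen) n++
            print n                      # one total for all files given
        }
    ' "$@"
}

# Constructed sample data: two exports for the same day, different column order.
make_sample() {
    cat > "$1/part1.exp" <<'EOF'
num;date;time;action;src;dst
0;17Jan2019;0:00:01;accept;10.1.1.5;8.8.8.8
1;17Jan2019;0:00:02;drop;10.1.1.6;8.8.8.8
2;17Jan2019;0:00:03;accept;10.1.1.5;1.1.1.1
3;17Jan2019;0:00:04;accept;192.168.1.9;8.8.8.8
EOF
    cat > "$1/part2.exp" <<'EOF'
num;date;time;src;dst;action;rule_name
0;17Jan2019;9:00:01;10.1.1.5;8.8.4.4;accept;web
1;17Jan2019;9:00:02;10.2.0.7;10.1.1.5;accept;web
2;17Jan2019;9:00:03;10.9.9.9;10.1.1.5;drop;accept-web
3;17Jan2019;9:00:04;10.2.0.8;8.8.8.8;accept;web
EOF
}
```

The dropped entry whose rule name contains "accept" is not counted here, whereas a plain `grep accept` on the whole line would keep it.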

Re: User Count

This seems appropriate as all these files are used for is User IP counting for checking the license limits. Unlimited licenses do not need that, of course, but you did not mention that in your initial post at all...

0 Kudos

Re: User Count

I thought that user based licenses were a thing of the past since the blade licenses? It's a long time ago that I have seen licenses with a user limit, where it also was enforced.

Regards, Maarten
0 Kudos

Re: User Count

No, we still have user based licenses (e.g. EPS clients) and seat based licenses (e.g. MAB, only the number of concurrent users is limited). Also see Remote Access Users license + count.

0 Kudos