防火墙监控指标,如何有效评估网络安全性能?
防火墙监控指标,如何有效评估网络安全性能?
防火墙监控指标是评估网络安全性能的关键工具。通过监控这些指标,安全管理员可以全面了解防火墙的运行状况,及时发现并处理潜在的安全威胁。本文将详细介绍各类防火墙监控指标及其统计规则。
一、防火墙日志监控
1、访问次数总量
说明:记录通过防火墙的所有访问请求的总量,包括允许和拒绝的请求。
单位:Count(计数)
统计规则:[60s, sum] [300s, sum] [3600s, sum] [86400s, sum]
2、攻击次数总量
说明:记录所有被防火墙识别为攻击行为的请求数量。
单位:Count(计数)
统计规则:[60s, sum] [300s, sum] [3600s, sum] [86400s, sum]
二、防火墙规则监控
1、规则命中次数
说明:记录每个防火墙规则被触发的次数。
单位:Count(计数)
统计规则:[60s, sum] [300s, sum]
2、规则使用趋势
说明:分析特定时间段内各防火墙规则的使用频率和趋势。
单位:无具体单位,以图表形式展示
统计规则:根据实际需求设定时间间隔
三、防火墙配置监控
1、配置变更次数
说明:记录防火墙配置发生变更的次数。
单位:Count(计数)
统计规则:[60s, sum] [300s, sum] [3600s, sum] [86400s, sum]
2、当前配置状态
说明:实时显示防火墙的当前配置状态,包括启用/禁用的规则、接口状态等。
单位:无具体单位,以文本或表格形式展示
统计规则:实时更新
四、防火墙警报监控
1、警报总数
说明:记录防火墙生成的所有警报数量。
单位:Count(计数)
统计规则:[60s, sum] [300s, sum] [3600s, sum] [86400s, sum]
2、警报类型分布
说明:分析不同类型的警报在总警报中的占比。
单位:百分比(%)
统计规则:根据实际需求设定时间间隔,以图表形式展示
五、流量监控指标
指标英文名 | 指标中文名 | 说明 | 单位 | 维度 | 统计规则 |
|---|---|---|---|---|---|
BlockListHit | 封禁列表命中次数 | 封禁列表命中次数 | Count | status | [60s, sum] [300s, sum] |
BypassInPeakBandwidth | 旁路入站峰值带宽 | 旁路入站峰值带宽 | Mbps | edge_default | [60s, max] [300s, max] |
BypassOutPeakBandwidth | 旁路出站峰值带宽 | 旁路出站峰值带宽 | Mbps | edge_default | [60s, max] [300s, max] |
Edgerulehittimes | 互联网边界规则命中次数 | 互联网边界规则命中次数 | Count | edge_rule_id | [60s, sum] [300s, sum] |
Enginestatus | 引擎状态 | 引擎状态 | Count | ewid | [60s, avg] [300s, avg] [3600s, avg] [86400s, avg] |
InPeakBandwidth | 入站峰值带宽 | 入站峰值带宽 | Mbps | edge_ip | [60s, max] [300s, max] |
Masterslavestauts | 主备状态 | 主备状态 | Count | ewid | [60s, avg] [300s, avg] [3600s, avg] [86400s, avg] |
Maxqps | 峰值请求频率 | 峰值请求频率 | Count/s | vpcid | [60s, max] [300s, max] |
Natconntrack | 并发连接数 | 并发连接数 | Count | natid | [60s, avg] [300s, avg] [3600s, avg] [86400s, avg] |
Natenginestatus | 引擎状态 | 引擎状态 | Count | natid | [60s, avg] [300s, avg] [3600s, avg] [86400s, avg] |
Natmasterslavestauts | 主备状态 | 主备状态 | Count | natid | [60s, avg] [300s, avg] |
Natrulehittimes | NAT 边界规则命中次数 | NAT 边界规则命中次数 | Count | nat_rule_id | [60s, sum] [300s, sum] |
NatRuleInHit | NAT 规则入向命中次数 | NAT 规则入向命中次数 | Count | status | [60s, sum] [300s, sum] |
NatRuleOutHit | NAT规则出向命中次数 | NAT规则出向命中次数 | Count | status | [60s, sum] [300s, sum] |
Natruleregionhittimes | NAT 边界规则地域命中次数 | NAT 边界规则地域命中次数 | Count | nat_rule_region | [60s, sum] [300s, sum] |
Natwaninpkg | 外网入包量 | 外网入包量 | Count/s | natid | [60s, avg] [300s, avg] [3600s, avg] [86400s, avg] |
Natwanintraffic | 外网入带宽 | 外网入带宽 | Mbps | natid | [60s, avg] [300s, avg] [3600s, avg] [86400s, avg] |
Natwanoutpkg | 外网出包量 | 外网出包量 | Count/s | natid | [60s, avg] [300s, avg] [3600s, avg] [86400s, avg] |
Natwanouttraffic | 外网出带宽 | 外网出带宽 | Mbps | natid | [60s, avg] [300s, avg] [3600s, avg] [86400s, avg] |
OutPeakBandwidth | 出站峰值带宽 | 出站峰值带宽 | Mbps | edge_ip | [60s, max] [300s, max] |
RegionBypassInPeakBandwidth | 旁路入站峰值带宽 | 旁路入站峰值带宽 | Mbps | edge_region | [60s, max] [300s, max] |
RegionBypassOutPeakBandwidth | 旁路出站峰值带宽 | 旁路出站峰值带宽 | Mbps | edge_region | [60s, max] [300s, max] |
RegionSerialInPeakBandwidth | 串行入站峰值带宽 | 串行入站峰值带宽 | Mbps | edge_region | [60s, max] [300s, max] |
RegionSerialOutPeakBandwidth | 串行出站峰值带宽 | 串行出站峰值带宽 | Mbps | edge_region | [60s, max] [300s, max] |
这些指标共同构成了防火墙监控的核心内容,帮助安全管理员全面了解防火墙的运行状况,及时发现并处理潜在的安全威胁。