Abstract
A method is described for processing log data from a set of firewalls between the public Internet (12) and a private intranet (14). The log data comprises a series of records, each of which relates to a data traffic session originating at a source address and specifying a destination address. The set of firewalls is arranged to accept or reject each session on a selected basis. In the method, log data is transferred from the firewalls (10) to a computer system (16). In the computer system (16), the source address in each record is reduced to the corresponding network address, which is then regarded as the source address. Next, duplicated sessions are counted and a record is generated from each set of duplicated sessions. Two sessions are regarded as duplicates if they originate at the same source address and specify the same destination address and port number at the destination address. Records relating to accepted sessions are discarded, and records that relate to sessions originating at specified known networks are also discarded.
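The reduction steps described above, as an added Python example that is not taken from the patent. The record layout, the /24 prefix used as the "network address", the IPv4-only sample data and the known-network list are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample records: (source IP, destination IP, destination port, action).
SAMPLE_LOG = [
    ("203.0.113.7", "10.0.0.5", 23, "reject"),
    ("203.0.113.99", "10.0.0.5", 23, "reject"),   # same /24 as the line above
    ("203.0.113.7", "10.0.0.5", 80, "accept"),
    ("198.51.100.4", "10.0.0.9", 445, "reject"),
    ("198.51.100.4", "10.0.0.9", 445, "reject"),
    ("192.0.2.15", "10.0.0.5", 23, "reject"),     # originates at a known network
]
KNOWN_NETWORKS = ["192.0.2.0/24"]  # constructed list of specified known networks


def network_of(ip, prefix_len=24):
    """Reduce a host address to its network address (prefix length is assumed)."""
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)


def summarize(records, known_networks, prefix_len=24):
    """Return one summary record per set of duplicated, rejected, unknown-source sessions."""
    known = [ipaddress.ip_network(n) for n in known_networks]
    counts = Counter()
    for src, dst, port, action in records:
        # The network address is regarded as the source address from here on.
        # Duplicates share source network, destination and port; the action is
        # carried in the key (an assumption) so it survives into the summary.
        counts[(network_of(src, prefix_len), dst, port, action)] += 1

    summary = []
    for (src_net, dst, port, action), n in counts.items():
        if action == "accept":
            continue  # discard records relating to accepted sessions
        if any(src_net.subnet_of(k) for k in known):
            continue  # discard sessions originating at known networks
        summary.append({"src_net": str(src_net), "dst": dst, "port": port, "count": n})
    # Highest duplicate count first, then by source network for stable output.
    return sorted(summary, key=lambda r: (-r["count"], r["src_net"]))


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, KNOWN_NETWORKS):
        print(row)
```

Six raw records collapse to two summary records, each carrying the number of duplicated sessions it represents.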