I am pulling firewall hits out of the syslog output and then loading them into Excel for analysis.
The MX logs go to a Linux syslog server and then I use awk to process and format the hits on the rules.
I plan to summarize the results and send it out via email to our security team.
This is really helpful when we get a call asking if the firewall is blocking traffic. I can quickly tell whether they are hitting a rule, and which rule they are hitting.
Is anyone doing anything like this?
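As an added example (not the poster's own awk, and not Meraki code), here is one way to shape that kind of pipeline into a per-rule summary plus a per-host lookup. The sample lines are constructed, loosely in the style of MX "flows" syslog events; the field layout (`src=`, `dst=`, `dport=`, the rule text after `pattern:`) and the field position of the event type are assumptions, so adjust the `$3` test and the key names to what your own syslog server actually writes (most servers prepend a date and hostname, which shifts the field numbers).

```shell
#!/bin/sh
# Constructed sample log lines (not real traffic), roughly in the style of
# Meraki MX "flows" events. Field names/positions are assumptions.
SAMPLE_LOG='1700000000.1 MX84 flows src=10.1.2.3 dst=8.8.8.8 mac=00:11:22:33:44:55 protocol=udp sport=51000 dport=53 pattern: allow all
1700000001.2 MX84 flows src=10.1.2.9 dst=203.0.113.7 mac=00:11:22:33:44:56 protocol=tcp sport=52000 dport=445 pattern: deny dst 203.0.113.0/24
1700000002.3 MX84 flows src=10.1.2.3 dst=203.0.113.8 mac=00:11:22:33:44:55 protocol=tcp sport=52001 dport=445 pattern: deny dst 203.0.113.0/24
1700000003.4 MX84 flows src=10.1.2.7 dst=198.51.100.5 mac=00:11:22:33:44:57 protocol=tcp sport=52002 dport=22 pattern: deny all
1700000004.5 MX84 urls src=10.1.2.3 dst=93.184.216.34 mac=00:11:22:33:44:55 request: GET https://example.com/'

# Summarise firewall hits per matched rule as CSV: action,rule,hits,distinct_src
# Reads syslog lines on stdin. Only "flows" events carrying a "pattern:" are
# firewall decisions; URL/other event types are skipped.
summarize_hits() {
    printf 'action,rule,hits,distinct_src\n'
    awk '
    $3 == "flows" && /pattern:/ {
        # the matched rule is everything after "pattern: ", e.g. "deny dst 203.0.113.0/24"
        rule = $0
        sub(/.*pattern: */, "", rule)
        split(rule, parts, " ")
        act[rule] = parts[1]              # first word is the action (allow/deny)
        src = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) src = substr($i, 5)
        hits[rule]++
        if (!((rule, src) in seen)) {     # count each source once per rule
            seen[rule, src] = 1
            srcs[rule]++
        }
    }
    END {
        for (r in hits)
            printf "%s,%s,%d,%d\n", act[r], r, hits[r], srcs[r]
    }' | sort
}

# Answer "is the firewall blocking host X, and on which rule?":
# print timestamp, destination, port and matched rule for every hit from that source.
rules_hit_by_source() {
    awk -v host="$1" '
    $3 == "flows" && /pattern:/ {
        src = ""; dst = ""; dport = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)   src   = substr($i, 5)
            if ($i ~ /^dst=/)   dst   = substr($i, 5)
            if ($i ~ /^dport=/) dport = substr($i, 7)
        }
        if (src != host) next
        rule = $0
        sub(/.*pattern: */, "", rule)
        printf "%s %s:%s %s\n", $1, dst, dport, rule
    }'
}

# Usage: in production these would read from the syslog file instead of $SAMPLE_LOG.
printf '%s\n' "$SAMPLE_LOG" | summarize_hits
printf '%s\n' "$SAMPLE_LOG" | rules_hit_by_source 10.1.2.3
```

The CSV from `summarize_hits` opens directly in Excel or can be pasted into the email body; `rules_hit_by_source` is the quick answer for the "are you blocking me?" call. Counting distinct sources per rule alongside raw hits helps tell one chatty host from a rule that is affecting the whole subnet.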