[fwAnalog] FW-1 and FW-1 NG logs

From: Daniel Nylander (mail-lists~AT~lidkoping.net)
Date: Wed Oct 01 2003 - 12:05:25 CEST

Hi all

Since nobody here seems to use Firewall-1 NG logs, I started to rewrite the logparsing code myself. There is a big difference between FW-1 (3.x/4.x) and FW-1 NG logs and you should clearify that in fwanalog

TCP without NAT


22Sep2003 9:55:06 drop 10.208.232.86 >en13 product: VPN-1 & FireWall-1; src: xxx.xxx.xxx.xxx; s_port: 2640; dst: xxx.xxx.xxx.xxx; service: 8080; proto: tcp; rule: 103;

TCP with NAT


22Sep2003 9:55:06 accept 10.208.232.86 >en8 product: VPN-1 & FireWall-1; src: 10.138.162.33; s_port: 4040; dst: xxx.xxx.xxx.xxx; service: 4088; proto: tcp; xlatesrc: xxx.xxx.xxx.xxx; xlatesport: 13037; rule: 66;

UDP without NAT


22Sep2003 8:07:21 accept 10.208.232.86 >en5 product: VPN-1 & FireWall-1; src: 172.30.2.250; s_port: 1290; dst: 10.217.10.3; service: 53; proto: udp; rule: 29;

UDP with NAT


22Sep2003 8:26:29 accept 10.208.232.87 >en11 product: VPN-1 & FireWall-1; src: 172.25.10.59; s_port: 1131; dst: xxx.xxx.xxx.xxx; service: 53; proto: udp; xlatesrc: xxx.xxx.xxx.xxx; xlatesport: 59312; rule: 75;

ICMP


22Sep2003 9:55:06 drop 10.208.232.86 >en5 product: VPN-1 & FireWall-1; src: 172.30.2.250; dst: xxx.xxx.xxx.xxx; proto: icmp; icmp-type: 8; icmp-code: 0; rule: 102;

These are the most interesting types of logformats. There might be more..

Daniel

This archive was generated by hypermail 2.1.5 : Tue Nov 25 2003 - 17:22:02 CET