Re: [fwAnalog] Fwanalog on Watchguard Firebox

From: Balázs Bárány (balazs~AT~tud.at)
Date: Sat Jul 10 2004 - 20:54:08 CEST



Hello,

Does one of your logs look like this?

2003 Jan 4 15:41:01 127.234.247.49 firewalld[110]: deny in eth0 84 icmp 20 254 127.234.234.120 127.234.249.147 8 0 (blocked site)
2003 Jan 4 15:41:56 127.234.247.49 firewalld[110]: deny in eth0 78 udp 20 128 10.11.12.120 10.11.12.255 137 137 (blocked site)

This is from a Watchguard Firebox 6.1 but I have no idea if it is running with default settings or whatever.

> The text export is comma delimited, so is there a fwanalog config file
> that I can edit to tell it what fields are in my logfile?
In fwanalog.sh, each supported logfile type is in its own function, and a Perl regular expression converts the original format to the HTTPd log format for analog. So to support a new logfile type, one has to write this regular expression.

You can send me in private e-mail a sample of your logfile (covering as many cases as possible, e.g. blocked ICMP/TCP/UDP, other protocols, etc.) and when I find more time, I can possibly create support for your format if it is not yet supported.

Regards

-- 
_________________________________________________________________________
Balázs Bárány       balazs~AT~tud.at        http://tud.at       ICQ 10747763

A good engineer will make considerable effort to avoid additional effort.
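As an added illustration of the per-format conversion described in the message (not code from fwanalog itself, which does this with a Perl regular expression inside fwanalog.sh), the Python sketch below parses the Firebox lines quoted above with one regular expression and emits Common Log Format lines that analog can read. The names of the two numeric fields after the protocol, the +0000 time zone, the 403 status and the source-to-client / destination-to-request mapping are assumptions, not fwanalog's documented behaviour.

```python
import re
from typing import Optional

# Constructed sample input in the Watchguard Firebox 6.1 format quoted in the
# message, plus one line that no format function should accept.
SAMPLE_LOG = """\
2003 Jan 4 15:41:01 127.234.247.49 firewalld[110]: deny in eth0 84 icmp 20 254 127.234.234.120 127.234.249.147 8 0 (blocked site)
2003 Jan 4 15:41:56 127.234.247.49 firewalld[110]: deny in eth0 78 udp 20 128 10.11.12.120 10.11.12.255 137 137 (blocked site)
not a firewalld line at all
"""

# One regex per log format, as fwanalog.sh does per function. The two unnamed
# numeric fields after the protocol are not documented in the message; the last
# two (f1, f2) are ICMP type/code or source/destination port (an assumption).
FIREBOX_RE = re.compile(r"""
    ^(?P<year>\d{4})\s+(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+
    (?P<time>\d\d:\d\d:\d\d)\s+
    (?P<firebox>\S+)\s+firewalld\[\d+\]:\s+
    (?P<action>\w+)\s+(?P<dir>in|out)\s+(?P<iface>\S+)\s+
    (?P<length>\d+)\s+(?P<proto>[a-z]+)\s+\d+\s+\d+\s+
    (?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst>\d+\.\d+\.\d+\.\d+)\s+
    (?P<f1>\d+)\s+(?P<f2>\d+)\s+\((?P<reason>[^)]*)\)\s*$
""", re.VERBOSE)

def firebox_to_clf(line: str) -> Optional[str]:
    """Convert one Firebox 'deny' line to a Common Log Format line, or None
    when the line does not parse or is not a denied packet.
    Assumed mapping: source IP -> client, protocol/destination/port -> request
    path, packet length -> response size, 403 -> blocked; zone fixed at +0000."""
    m = FIREBOX_RE.match(line)
    if not m or m.group("action") != "deny":
        return None
    d = m.groupdict()
    stamp = f"{int(d['day']):02d}/{d['mon']}/{d['year']}:{d['time']} +0000"
    if d["proto"] == "icmp":
        path = f"/icmp/{d['dst']}/type{d['f1']}"     # f1 = ICMP type
    else:
        path = f"/{d['proto']}/{d['dst']}/{d['f2']}"  # f2 = destination port
    return f'{d["src"]} - - [{stamp}] "GET {path} HTTP/1.0" 403 {d["length"]}'

def convert(text: str) -> list:
    """Convert a whole log; lines the regex does not recognise are dropped so
    that nothing malformed reaches analog."""
    return [c for c in (firebox_to_clf(l) for l in text.splitlines()) if c]

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE_LOG)))
```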


This archive was generated by hypermail 2.1.5 : Sat Aug 07 2004 - 00:42:04 CEST