Re: [fwAnalog] Fwanalog on Watchguard Firebox

From: Balázs Bárány (
Date: Sat Jul 10 2004 - 20:54:08 CEST


Does one of your logs look like this?

2003 Jan 4 15:41:01 firewalld[110]: deny in eth0 84 icmp 20 254 8 0 (blocked site)
2003 Jan 4 15:41:56 firewalld[110]: deny in eth0 78 udp 20 128 137 137 (blocked site)

This is from a Watchguard Firebox 6.1 but I have no idea if it is running with default settings or whatever.

> The text export is comma delimited, so is there a fwanalog config file
> that I can edit to tell it what fields are in my logfile?
In, each supported logfile type is in its own function, and a Perl regular expression converts the original format to the HTTPd log format for analog. So to support a new logfile type, one has to write this regular expression.

You can send me in private e-mail a sample of your logfile (covering as many cases as possible, e.g. blocked ICMP/TCP/UDP, other protocols, etc.) and when I find more time, I can possibly create support for your format if it is not yet supported.


Balázs Bárány       ICQ 10747763

A good engineer will make considerable effort to avoid additional effort.
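
The conversion described in the reply, as an added example that is not part of the original message and is not fwanalog's own code: one function for one log format, whose Perl regular expression turns each line into an HTTPd-style log line. The field meanings, the output layout, the +0000 time zone, the function name and the documentation-range addresses in the sample input are assumptions.

```perl
#!/usr/bin/perl
# Added example, not fwanalog's own code: one converter function for one
# firewall log format. Field meanings and output layout are assumptions.
use strict;
use warnings;

# Assumed layout: date, daemon[pid], action, direction, interface, packet
# length, protocol, IP header length, TTL, source, destination, two protocol
# numbers (ports, or ICMP type and code), optional flags, then "(reason)".
my $FIREBOX = qr{
    ^(\d{4})\s+([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s+
    firewalld\[\d+\]:\s+
    ([a-z]+)\s+(?:in|out)\s+\S+\s+
    (\d+)\s+([a-z0-9]+)\s+\d+\s+\d+\s+
    (\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+
    \d+\s+(\d+)\b.*?\(([^)]*)\)\s*$
}x;

# Returns one HTTPd-style line, or undef when the input does not match.
sub firebox_to_clf {
    my ($line) = @_;
    my ($y, $mon, $d, $time, $action, $len, $proto, $src, $dst, $n2, $why)
        = $line =~ $FIREBOX or return;
    $why =~ s/[^\w.-]/_/g;    # log text must not break the quoted request field
    my $stamp = sprintf '%02d/%s/%04d:%s +0000', $d, $mon, $y, $time;
    return sprintf '%s - - [%s] "%s /%s/%s/%s/%s HTTP/1.0" 200 %d',
        $src, $stamp, uc($action), $proto, $dst, $n2, $why, $len;
}

# Constructed sample input: the addresses are documentation ranges added
# here. The last line is copied from the message, which shows no addresses.
my @sample = (
    '2003 Jan 4 15:41:01 firewalld[110]: deny in eth0 84 icmp 20 254 192.0.2.10 198.51.100.7 8 0 (blocked site)',
    '2003 Jan 4 15:41:56 firewalld[110]: deny in eth0 78 udp 20 128 192.0.2.11 198.51.100.7 137 137 (blocked site)',
    '2003 Jan 4 15:41:56 firewalld[110]: deny in eth0 78 udp 20 128 137 137 (blocked site)',
);

my $skipped = 0;
for my $line (@sample) {
    my $clf = firebox_to_clf($line);
    if (defined $clf) { print "$clf\n" }
    else              { $skipped++; warn "unparsed: $line\n" }
}
# A converter that drops unmatched lines silently hides traffic from the report.
warn "$skipped line(s) did not match\n" if $skipped;
```

Counting and printing the lines that fail to match shows how much of the firewall log never reaches the report, which is the first thing to check when a new log variant appears.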

This archive was generated by hypermail 2.1.5 : Sat Aug 07 2004 - 00:42:04 CEST