[fwAnalog] fwanalog on Watchguard FireBox

From: stracey~AT~tpsx.com
Date: Fri Sep 24 2004 - 21:56:10 CEST


I saw the post about the Watchguard firewall logs.

I am using Analog 5.32 with fwanalog 0.64.

At first, I tried to run against the .wgl files with no luck. After seeing the post, I tried exporting my watchguard logs to txt files.

The web files are empty with the exception of some general text.

I did notice that the export files contain an extra line in the beginning that says " DO_NOT_EDIT_THIS_FILE!_version_2.00 728". Would this impact the scripts?

Also, I've included a sample of a few lines. The watchguard verion is 7.21.

<snip>
49844508 09/24/04 11:42:48 y http-proxy[17377] [x.x.x.x:1909 216.131.100.190:80/funkyteenwhore/enter.html] Request blocked by WebBlocker (denied for: full nudity, sexual acts/text) 

49844538 09/24/04  11:42:50 n allow  out  eth1    44        tcp     20    
   128       x.x.x.x    63.79.4.17       3831      25        syn


(Filtered-SMTP)

49845298 09/24/04  11:43:02 n allow  out  eth1    44        tcp     20    
   128       x.x.x.x    216.109.127.60   3829      25        syn


(Filtered-SMTP)

49845308 09/24/04  11:43:03 n allow  out  eth1    32        udp     20    
   128       x.x.x.x    152.163.5.75     1089      5190      (Outgoing)
49845688 09/24/04  11:43:08 n allow  out  eth1    76        udp     20    
   64        x.x.x.x      128.9.176.30     123       123       (Outgoing)
</snip>

This archive was generated by hypermail 2.1.5 : Thu Feb 24 2005 - 15:02:04 CET