[fwAnalog] fwanalog on Watchguard FireBox

From: stracey~AT~tpsx.com
Date: Fri Sep 24 2004 - 21:56:10 CEST



I saw the post about the Watchguard firewall logs.

I am using Analog 5.32 with fwanalog 0.64.

At first, I tried to run against the .wgl files with no luck. After seeing the post, I tried exporting my Watchguard logs to txt files.

The web files are empty with the exception of some general text.

I did notice that the export files contain an extra line in the beginning that says " DO_NOT_EDIT_THIS_FILE!_version_2.00 728". Would this impact the scripts?

Also, I've included a sample of a few lines. The Watchguard version is 7.21.

<snip>
49844508 09/24/04 11:42:48 y http-proxy[17377] [x.x.x.x:1909 216.131.100.190:80/funkyteenwhore/enter.html] Request blocked by WebBlocker (denied for: full nudity, sexual acts/text)

49844538 09/24/04 11:42:50 n allow out eth1 44 tcp 20 128 x.x.x.x 63.79.4.17 3831 25 syn (Filtered-SMTP)
49845298 09/24/04 11:43:02 n allow out eth1 44 tcp 20 128 x.x.x.x 216.109.127.60 3829 25 syn (Filtered-SMTP)
49845308 09/24/04 11:43:03 n allow out eth1 32 udp 20 128 x.x.x.x 152.163.5.75 1089 5190 (Outgoing)
49845688 09/24/04 11:43:08 n allow out eth1 76 udp 20 64 x.x.x.x 128.9.176.30 123 123 (Outgoing)
</snip>

This archive was generated by hypermail 2.1.5 : Thu Feb 24 2005 - 15:02:04 CET