Hello,
I have been reading through the archives, forgive me if I missed something. However, does anyone have fwanalog working properly for Checkpoint logs? I am exporting logs from NG and they are in the format below. If there is not a parser for this, is there a howto or something if I wanted to create one?
Thanks
more /var/log/fw/cpfw.20050712.export
num;date;time;orig;type;action;alert;i/f_name;i/f_dir;product;log_sys_message;src;dst;proto;rule;service;s_port;TCP packet out of state;tcp_flags;xlatesrc;xlatedst;NAT_rulenum;NAT_addtnl_rulenum;xlatedport;xlatesport;ICMP;ICMP Type;ICMP Code;message_info;message;ip_id;ip_len;ip_offset;fragments_dropped;during_sec;TCP flags;Attack Info;attack;rpc_prog;start_time;segment_time;elapsed;packets;bytes;client_inbound_packets;client_outbound_packets;server_inbound_packets;server_outbound_packets;client_inbound_bytes;client_outbound_bytes;server_inbound_bytes;server_outbound_bytes;client_inbound_interface;client_outbound_interface;server_inbound_interface;server_outbound_interface;sys_message:;reason;protocol;port;sync
0;11Jul2005;17:00:03;10.X.X.X;control; ;;daemon;inbound;VPN-1 & FireWall-1;Log file has been switched to: cpfw.20050711.log;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Received on Thu Jul 14 18:51:27 2005
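A starting point for parsing the export format shown in the post, as an added example that is not part of the original message and is not fwanalog code. It treats the first line as the column header and looks fields up by name; the sample records, the documentation addresses, the trimmed column set and the function names `parse_export` and `blocked_summary` are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample: a subset of the columns from the post's header line,
# with made-up records (documentation address ranges, not real traffic).
SAMPLE = """\
num;date;time;orig;type;action;alert;i/f_name;i/f_dir;product;src;dst;proto;rule;service;s_port
0;11Jul2005;17:00:03;192.0.2.1;control; ;;daemon;inbound;VPN-1 & FireWall-1;;;;;;
1;11Jul2005;17:00:09;192.0.2.1;log;drop;;eth0;inbound;VPN-1 & FireWall-1;198.51.100.7;192.0.2.10;tcp;12;445;40112
2;11Jul2005;17:00:11;192.0.2.1;log;accept;;eth0;inbound;VPN-1 & FireWall-1;198.51.100.9;192.0.2.20;tcp;3;80;51833
3;11Jul2005;17:00:12;192.0.2.1;log;drop;;eth0;inbound;VPN-1 & FireWall-1;198.51.100.7;192.0.2.10;tcp;12;445;40113
4;11Jul2005;17:00:15;truncated;line
"""


def parse_export(text):
    """Return (records, rejects) from a semicolon-delimited export.

    records: one dict per line, keyed by the names in the header line.
    rejects: (line_number, fields) for lines whose field count does not
    match the header, e.g. truncated or terminal-wrapped lines.
    """
    # QUOTE_NONE: values such as "VPN-1 & FireWall-1" are taken literally.
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    header = next(reader)
    records, rejects = [], []
    for lineno, row in enumerate(reader, start=2):
        if not row:  # skip blank lines
            continue
        if len(row) != len(header):
            rejects.append((lineno, row))
            continue
        records.append({name: value.strip() for name, value in zip(header, row)})
    return records, rejects


def blocked_summary(records):
    """Count dropped/rejected traffic per (src, dst, proto, service)."""
    hits = Counter()
    for rec in records:
        # Control records (log switches and similar) carry no action or src.
        if rec["action"] in ("drop", "reject") and rec["src"]:
            hits[(rec["src"], rec["dst"], rec["proto"], rec["service"])] += 1
    return hits


if __name__ == "__main__":
    recs, bad = parse_export(SAMPLE)
    for key, count in blocked_summary(recs).most_common():
        print(count, *key)
    print("rejected lines:", [n for n, _ in bad])
```
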