Firewall Wizards mailing list archives

RE: Log File Formats...


From: "Moser, Stefan" <stefan.moser () csfb com>
Date: Mon, 24 Aug 1998 12:00:39 +0100

Bret,

FireWall-1 stores its log files actually in a binary format (duh!). After you export them into ASCII format, the first line will 'document' the format for individual lines:

num;date;time;orig;type;action;alert;i/f_name;i/f_dir;proto;src;dst;service;s_port;len;rule;xlatesrc;xlatedst;xlatesport;xlatedport;imp-type;icmp-code;rpc_prog;sys_msgs
0;24Aug98; 3:05:01;lns23w-0102_159.156.208.195;control;ctl;;daemon;inbound;;;;;;;;;;;;;;;started sending log to localhost
1;24Aug98; 4:04:01;fwffm1.itffm.ska.com;log;drop;;fddi0;inbound;udp;mgmt-dummy;rtr-dummy1;snmp;33123;69;62;;;;;;;;
.........

There's also an API called LEA (log extraction API) to extract the logs directly. It's part of Checkpoint's OPSEC program, but other than that I don't know much about it.

Hope this helps

-Stefan
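A small parser for the exported layout Stefan describes (header line naming the fields, then ';'-separated records), written as an added example for this thread rather than code from either poster; the sample records, host names and addresses below are constructed and not from a real export.

```python
import csv
from collections import Counter
from io import StringIO

# Constructed sample in the FireWall-1 ASCII export layout: first line names
# the fields, each following line is one ';'-separated record. Hosts are made up.
SAMPLE_EXPORT = """\
num;date;time;orig;type;action;alert;i/f_name;i/f_dir;proto;src;dst;service;s_port;len;rule;xlatesrc;xlatedst;xlatesport;xlatedport;imp-type;icmp-code;rpc_prog;sys_msgs
0;24Aug98; 3:05:01;fw-mgmt_192.0.2.10;control;ctl;;daemon;inbound;;;;;;;;;;;;;;;started sending log to localhost
1;24Aug98; 4:04:01;fw-gw1.example.net;log;drop;;fddi0;inbound;udp;host-a;host-b;snmp;33123;69;62;;;;;;;;
2;24Aug98; 4:04:07;fw-gw1.example.net;log;drop;;fddi0;inbound;udp;host-a;host-b;snmp;33124;69;62;;;;;;;;
3;24Aug98; 4:05:30;fw-gw1.example.net;log;accept;;fddi0;inbound;tcp;host-c;host-b;http;1025;44;7;;;;;;;;
"""


def parse_fw1_export(text):
    """Parse a FireWall-1 ASCII export into a list of dicts keyed by the header fields."""
    reader = csv.reader(StringIO(text), delimiter=";")
    header = next(reader)
    records = []
    for row in reader:
        if not row:
            continue
        # Control records leave most fields empty and exports may drop trailing
        # separators, so strip whitespace and pad the row to the header width.
        row = [c.strip() for c in row] + [""] * (len(header) - len(row))
        records.append(dict(zip(header, row[: len(header)])))
    return records


def drops_by_source(records):
    """Count 'drop' traffic log entries per source host (control records are skipped)."""
    return Counter(
        r["src"] for r in records if r["type"] == "log" and r["action"] == "drop"
    )


if __name__ == "__main__":
    recs = parse_fw1_export(SAMPLE_EXPORT)
    for src, n in drops_by_source(recs).most_common():
        print(f"{src}: {n} dropped")
```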

On Sunday, August 23, 1998 11:02 PM, Technical Incursion Countermeasures [SMTP:lists () ticm com] wrote:
After being frustrated with the need to do logfile processing onsite I've decided to look at making a generic log analyser. It'll also give me the benefit of being able to do some serious number crunching  :}...

What I'm looking for is the raw logfile formats for the various firewalls.
If anyone knows them - or knows where to look for them I'd be grateful.

TIA,

Bret
Technical Incursion Countermeasures 
consulting () TICM COM                      http://www.ticm.com/
ph: (+61)(041) 4411 149(UTC+8 hrs)      fax: (+61)(08) 9454 6042

The Insider - an e'zine on Computer security - August Edition out
http://www.ticm.com/info/insider/index.html


