Firewall Wizards mailing list archives
RE: Log File Formats...
From: "Moser, Stefan" <stefan.moser () csfb com>
Date: Mon, 24 Aug 1998 12:00:39 +0100
Bret,

FireWall-1 stores its log files actually in a binary format (duh!). After you export them into ASCII format, the first line will 'document' the format for individual lines:

num;date;time;orig;type;action;alert;i/f_name;i/f_dir;proto;src;dst;service;s_port;len;rule;xlatesrc;xlatedst;xlatesport;xlatedport;imp-type;icmp-code;rpc_prog;sys_msgs
0;24Aug98; 3:05:01;lns23w-0102_159.156.208.195;control;ctl;;daemon;inbound;;;;;;;;;;;;;;;started sending log to localhost
1;24Aug98; 4:04:01;fwffm1.itffm.ska.com;log;drop;;fddi0;inbound;udp;mgmt-dummy;rtr-dummy1;snmp;33123;69;62;;;;;;;;
.........

There's also an API called LEA (log extraction API) to extract the logs directly. It's part of Checkpoint's OPSEC program, but other than that I don't know much about it.

Hope this helps

-Stefan

On Sunday, August 23, 1998 11:02 PM, Technical Incursion Countermeasures [SMTP:lists () ticm com] wrote:
After being frustrated with the need to do logfile processing onsite I've decided to look at making a generic log analyser. It'll also give me the benefit of being able to do some serious number crunching :}...

What I'm looking for is the raw logfile formats for the various firewalls. If anyone knows them - or knows where to look for them - I'd be grateful.

TIA,
Bret

Technical Incursion Countermeasures
consulting () TICM COM
http://www.ticm.com/
ph: (+61)(041) 4411 149 (UTC+8 hrs)
fax: (+61)(08) 9454 6042
The Insider - an e'zine on Computer security - August Edition out
http://www.ticm.com/info/insider/index.html
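A parser for the ASCII export format Stefan describes, as an added example that is not part of the thread: the sample is the post's own header line and two records (re-joined where the mail client had wrapped them), and the function names and the drop-per-rule summary are my own choices.

```python
"""Parse a FireWall-1 ASCII log export: the first line names the
semicolon-separated fields, every later line is one record in that
positional layout. Empty fields are normal (a 'control' record has no
proto/src/dst) and the time field is space-padded, so values are stripped."""
from collections import Counter

# Constructed sample built from the header and two records quoted in the
# post. The control record has 14 empty fields before sys_msgs, and the
# drop record 8 trailing empty ones, hence the ';' * N spelling.
SAMPLE_EXPORT = (
    "num;date;time;orig;type;action;alert;i/f_name;i/f_dir;proto;src;dst;"
    "service;s_port;len;rule;xlatesrc;xlatedst;xlatesport;xlatedport;"
    "imp-type;icmp-code;rpc_prog;sys_msgs\n"
    "0;24Aug98; 3:05:01;lns23w-0102_159.156.208.195;control;ctl;;daemon;"
    "inbound" + ";" * 15 + "started sending log to localhost\n"
    "1;24Aug98; 4:04:01;fwffm1.itffm.ska.com;log;drop;;fddi0;inbound;udp;"
    "mgmt-dummy;rtr-dummy1;snmp;33123;69;62" + ";" * 8 + "\n"
)


def parse_fw1_export(text):
    """Return one dict per record, keyed by the field names in line 1."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    fields = [f.strip() for f in lines[0].split(";")]
    records = []
    for line in lines[1:]:
        values = [v.strip() for v in line.split(";")]
        if len(values) > len(fields):
            # Free-text sys_msgs may itself contain ';' - keep the tail whole.
            values = values[: len(fields) - 1] + [";".join(values[len(fields) - 1:])]
        values += [""] * (len(fields) - len(values))  # pad short records
        records.append(dict(zip(fields, values)))
    return records


def drops_by_rule(records):
    """Count dropped packets per rule number, a first cut for triage."""
    return Counter(r["rule"] for r in records if r["action"] == "drop")


if __name__ == "__main__":
    recs = parse_fw1_export(SAMPLE_EXPORT)
    for r in recs:
        print(r["num"], r["type"], r["action"], r["src"], r["dst"], r["service"])
    print("drops by rule:", dict(drops_by_rule(recs)))
```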
Current thread:
- Log File Formats... Technical Incursion Countermeasures (Aug 23)
- Re: Log File Formats... Joseph S. D. Yao (Aug 25)
- Re: Log File Formats... Hubert Weikert (Aug 25)
- <Possible follow-ups>
- RE: Log File Formats... Moser, Stefan (Aug 24)
- Re: Log File Formats... Laris Benkis (Aug 27)
- RE: Log File Formats... Euan (Aug 25)