Subject: Re: Firewall Log Formats

> From: Srinivasa Rao Addepalli <[EMAIL PROTECTED]>
> Is there any standard format of LOG and Accounting entries generated
> by firewalls? Or is it pretty much vendor dependent? If there is any
> standard format, can somebody tell me where to find this information.
>

CyberGuard, Aventail, Watchguard and others have adopted WELF logging (WebTrends Enhanced Log Format) as an available format for their firewalls. For a full spec on the WELF format go to http://www.webtrends.com/developers/dev_logfile.htm or you can download the specifications directly from http://www.webtrends.com/download/developers/logstandard/welf3.doc. FW-1, Raptor, Cisco PIX/IOS, IBM, Lucent, Squid, etc. all still use their own proprietary log formats.

Not trying to be smart here, and the only one that I know of for sure is the Cisco IOS, but since when is Cisco's method of logging considered proprietary??? SyslogD works extremely well, comes with just about every distribution of UNIX for free, is portable, can have scripts easily written to function with it, provides a traceable history, can be used for advanced auditing etc...

> Is there any standard format of LOG and Accounting entries generated
> by firewalls? Or is it pretty much vendor dependent? If there is any
> standard format, can somebody tell me where to find this information.

So, in response to the above question, logging in general can usually be set up to send logging data to a system running SyslogD and can be tightened down if need be.
