The logs go fine to the logging server, as evidenced by the test; it's just that they contain only whatever message I put into the User Defined alert, which is less than helpful.
Luke Butcher
Ph: 020 7524 6805
Mb: 0794 11 55545
Em: [EMAIL PROTECTED]
> -----Original Message-----
> From: Hiemstra, Brenno [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 17, 2001 5:11 PM
> To: 'Luke Butcher'; [EMAIL PROTECTED]
> Subject: RE: Checkpoint log forwarding.
>
>
> as far as I know you can only send the logging elsewhere
> if you set the remote system up as a management station...
>
> not by just altering rulebase or whatever...
>
> > -----Original Message-----
> > From: Luke Butcher [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday 17 September 2001 16:35
> > To: [EMAIL PROTECTED]
> > Subject: Checkpoint log forwarding.
> >
> > I have had a look at phone boy, and haven't turned up the answer so I
> > thought I'd post here.
> >
> > I'm looking to forward logs to a central server, I have syslog
> > successfully running on this server.
> >
> > I modified the Checkpoint box (nokia) to forward all local1.* rules to it
> > (@10.0.0.1)
> > re-hupped and tested:
> > logger -p local1.info This is a test
> >
> > Works perfectly, I then set up a User defined rule as:
> > $FWDIR/bin/logger -p local1.info Test2
> > and applied this to a test rule:
> > on echo request from my PC to the FW pass and do user defined alert.
> >
> > Works a treat, the problem I have is this - I would like a more
> > informative message to be passed to syslog. Ideally $_ (to use a Perl
> > syntax). But at least the rule that tripped the alert and maybe the src
> > address etc.
> >
> > Is there any information about variables that can be used in User defined
> > rules? This facility has great potential but without this sort of thing is
> > next to useless.
> >
> > Regards,
> > Luke Butcher
> > Ph: 020 7524 6805
> > Mb: 0794 11 55545
> > Em: [EMAIL PROTECTED]
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
