Here's a good site for log parsing: http://www.loganalysis.org/sections/parsing/application-specific/
Christian C

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf Of Alexander Simbun
> Sent: Tuesday, January 11, 2005 9:56 PM
> To: [email protected]
> Subject: Re: [FW-1] Getting logs in ascii format using loggrabber
>
> Hi,
>      Finally able to figure out the fw1-loggrabber
> configuration! It's working right now! Anyway, any
> alternative open source software that could generate reports
> from the logs generated by fw1-loggrabber?
>
> Regards,
> Alex
>
>
> ----- Original Message -----
> From: "Alexander Simbun" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Wednesday, January 12, 2005 7:20 AM
> Subject: Re: [FW-1] Getting logs in ascii format using loggrabber
>
>
> > Hi,
> >      Sorry still confused...which part of firewall should I
> > configured the fwopsec.conf at? Management server or the enforcement
> > (firewall) itself?
> >      I configured the fwopsec.conf at management server instead of
> > enforcement (firewall) server. Sorry for a lame question.
> >
> > Regards,
> > Alex
> >
> >
> > ----- Original Message -----
> > From: "Xiaodong Lin" <[EMAIL PROTECTED]>
> > To: <[email protected]>
> > Sent: Wednesday, January 12, 2005 3:16 AM
> > Subject: Re: [FW-1] Getting logs in ascii format using loggrabber
> >
> >
> >> Alex,
> >>
> >> For the sake of simplicity, I give a clear text communication mode.
> >> In this case, you have to modify the section of LEA as shown as follows:
> >>
> >> # The VPN-1/FireWall-1 default settings are:
> >> #
> >> # sam_server auth_port 18183
> >> # sam_server port 0
> >> #
> >> lea_server auth_port 0
> >> lea_server port 18184
> >> #
> >> # ela_server auth_port 18187
> >> # ela_server port 0
> >> #
> >> # cpmi_server auth_port 18190
> >> #
> >> # uaa_server auth_port 19191
> >> # uaa_server port 0
> >> #
> >>
> >> Also, you have to restart your fw daemon as for the new conf.
> >>
> >> For the lea.conf, you have to mention ip and port for the lea server
> >> service, and the following is an example for the clear text mode:
> >>
> >> lea_server ip 192.168.0.1
> >> lea_server port 18184
> >>
> >> Where 18184 is the default lea service port.
> >>
> >> If this still doesn't work, you may have to turn on the debug, and
> >> send me the output, and I will take a look at it. For howto of
> >> turning on the debug, you may go to project website and take a look
> >> at my post in FAQ of fw1-loggrabber.
> >>
> >> You may install fw1-loggrabber at the same management server. What is
> >> the platform of CK management server?
> >>
> >> Regards,
> >>
> >> Xiaodong
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: Mailing list for discussion of Firewall-1
> >> [mailto:[EMAIL PROTECTED] On Behalf Of Alexander Simbun
> >> Sent: Tuesday, January 11, 2005 11:15 AM
> >> To: [email protected]
> >> Subject: Re: [FW-1] Getting logs in ascii format using loggrabber
> >>
> >> Hi,
> >>      I had configured the fw1-loggrabber 1.11 on my management
> >> server plus the OPSEC configuration, but I still can't get the output result.
> >> Anyway, my question is which part that I should configure the
> >> fwopsec.conf at? Management server or enforcement module? My firewall
> >> configuration is in cluster HA/LoadBalance mode, so I'm not sure how
> >> to configure OPSEC for fw1-loggrabber module. Is it able to install
> >> fw1-loggrabber at the same management server?
> >>
> >> Thanks very much.
> >>
> >> Regards,
> >> Alex
> >>
> >>
> >>
> >> ----- Original Message -----
> >> From: "Xiaodong Lin" <[EMAIL PROTECTED]>
> >> To: <[email protected]>
> >> Sent: Tuesday, January 11, 2005 9:55 PM
> >> Subject: Re: [FW-1] Getting logs in ascii format using loggrabber
> >>
> >>
> >>> Alex,
> >>>
> >>> Besides the configuration of CP FW-1, you have to configure two conf
> >>> files of fw1-loggrabber, i.e. fw1-loggrabber.conf and lea.conf, if
> >>> you use the latest fw1-loggrabber release, fw1-loggrabber 1.11. For the
> >>> detail of howto, you could take a look at fw1-loggrabber.html inside
> >>> the release. This should give u a good start.
> >>>
> >>> Regards,
> >>>
> >>> Xiaodong
> >>>
> >>> -----Original Message-----
> >>> From: Mailing list for discussion of Firewall-1
> >>> [mailto:[EMAIL PROTECTED] On Behalf Of Alexander Simbun
> >>> Sent: Monday, January 10, 2005 11:18 PM
> >>> To: [email protected]
> >>> Subject: [FW-1] Getting logs in ascii format using loggrabber
> >>>
> >>> Dear all,
> >>>      Anyone here did or currently use FW1-Loggrabber for
> >>> getting the FW-1 logs in to ASCII format logs? I'm interested to use
> >>> FW1-Loggrabber in order to convert our existing FW1 logs file (in
> >>> binary format) into human readable form of logs for our analysis. Any
> >>> sample or example that I could refer to on how to setup this open
> >>> source software including how to extract the logs? Please guide me.
> >>> Thanks very much.
> >>>
> >>> Regards,
> >>> Alex
> >>>
> >>> =================================================
> >>> To set vacation, Out-Of-Office, or away messages, send an email to
> >>> [EMAIL PROTECTED]
> >>> in the BODY of the email add:
> >>> set fw-1-mailinglist nomail
> >>> =================================================
> >>> To unsubscribe from this mailing list, please see the instructions
> >>> at http://www.checkpoint.com/services/mailing.html
> >>> =================================================
> >>> If you have any questions on how to change your subscription
> >>> options, email [EMAIL PROTECTED]
> >>> =================================================
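
Added example (not part of the original thread and not fw1-loggrabber's own code): a small Python check for the clear text LEA setup quoted above. It parses the text of fwopsec.conf and lea.conf, reports when LEA is served without authentication, and flags a port mismatch or a missing lea_server ip line. The embedded file contents are constructed from the settings quoted in the thread, and the function names are hypothetical.

```python
# Constructed sample inputs, built from the settings quoted in the thread.
FWOPSEC_CONF = """\
# sam_server auth_port 18183
# sam_server port 0
lea_server auth_port 0
lea_server port 18184
"""

LEA_CONF = """\
lea_server ip 192.168.0.1
lea_server port 18184
"""


def parse_conf(text):
    """Map (service, key) -> value for uncommented 'service key value' lines."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 2)  # drop comments, split fields
        if len(parts) == 3:
            settings[(parts[0], parts[1])] = parts[2].strip()
    return settings


def port_of(settings, key):
    """Integer value of 'lea_server <key>', or 0 when unset or not numeric."""
    value = settings.get(("lea_server", key), "0")
    return int(value) if value.isdigit() else 0


def check_lea(fwopsec_text, lea_text):
    """Compare the firewall side (fwopsec.conf) with the client side (lea.conf)."""
    server, client = parse_conf(fwopsec_text), parse_conf(lea_text)
    findings = []
    s_port, s_auth = port_of(server, "port"), port_of(server, "auth_port")
    if s_port and not s_auth:
        # The clear text mode from the thread: plain port set, auth_port 0.
        findings.append(f"cleartext: fwopsec.conf serves LEA unauthenticated on port {s_port}")
    c_port = port_of(client, "port")
    if c_port != s_port:
        findings.append(f"mismatch: lea.conf port {c_port} != fwopsec.conf port {s_port}")
    if ("lea_server", "ip") not in client:
        findings.append("missing: lea.conf has no 'lea_server ip' line")
    return findings


if __name__ == "__main__":
    for finding in check_lea(FWOPSEC_CONF, LEA_CONF):
        print(finding)
```

The check covers only the clear text case described in the thread; it does not validate an authenticated (auth_port) setup.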
