Not really. NetForensics has no problem parsing the "standard" Checkpoint logs.
This "unable to parse" problem ONLY occurs on the Checkpoint syslog logs. As long as you transfer the logs from CP to NetForensics using LEA, the NetForensics server will know that these are CP logs. But for some strange reason it still couldn't parse the syslog part of the logs.

-Torkel

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On behalf of Erik Gielow
Sent: 13 April 2007 16:43
To: [email protected]
Subject: Re: [FW-1] NetForensics and Checkpoint syslog

The logs generated by the checkpoint are "data", not ASCII like an ordinary log. I think this is the problem.

eg: the output of the file command on splat.

file 2007-02-22_163940_2.log
2007-02-22_163940_2.log: data

Regards,
Erik Gielow.

On 4/13/07, Torkel Mathisen <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> Anyone here using NetForensics for collecting Checkpoint logs?
>
> I got a problem with the Checkpoint syslog messages. Apparently they are
> slightly different than ordinary log messages and we get "unable to
> parse".
>
> We use the Checkpoint syslog daemon so that we get syslogs from the
> routers included in the SmartView Tracker. However those messages won't
> parse in NetForensics.
>
> So if anyone tried this and got it to work I would appreciate any help.
>
> Regards,
> Torkel
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
--
------------------------------------
Erik Gielow
SysAdmin - C.E.S.A.R.
------------------------------------
