[ 
https://issues.apache.org/jira/browse/METRON-182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

James Sirota updated METRON-182:
--------------------------------
    Labels: ParserExtension  (was: )

> Create Checkpoint Firewall parser
> ---------------------------------
>
>                 Key: METRON-182
>                 URL: https://issues.apache.org/jira/browse/METRON-182
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: Sunny Kumar
>            Priority: Minor
>              Labels: ParserExtension
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> Parse checkpoint firewall logs. The format is as below:
> Apr 03 10:39:08 [10.255.255.255] Apr 03 2016 10:39:07: %CHKPNT-1-080080: 
> Origin=tattoine_rey3,Application=Unknown,Operation="Log 
> In",Subject="Administrator Login",Audit Status=Failure,Info="Administrator 
> failed to log in: No SIC error message",Operation 
> Number=11,client_ip=10.255.255.255,
> -------------------------------
> {"subject":"\"Administrator Login\"","timestamp2":"Apr 03 2016 
> 10:39:07","origin":"tattoine_rey3","ipAddress":"10.255.255.255","audit_status":"Failure","source.type":"checkpointfirewall","original_string":"Apr
>  03 10:39:08 [10.255.255.255] Apr 03 2016 10:39:07: %CHKPNT-1-080080: 
> Origin=tattoine_rey3,Application=Unknown,Operation=\"Log 
> In\",Subject=\"Administrator Login\",Audit 
> Status=Failure,Info=\"Administrator failed to log in: No SIC error 
> message\",Operation 
> Number=11,client_ip=10.255.255.255,","application":"Unknown","client_ip":"10.255.255.255","operation_number":"11","operation":"\"Log
>  In\"","timestamp":1459679948000,"info":"\"Administrator failed to log in: No 
> SIC error message\""}
> ###################
> Apr 03 10:39:19 [10.255.255.255] Apr 03 2016 10:39:19: %CHKPNT-6-021050: 
> keyinst, tattoine_rey3, inbound, daemon, , , , , , , , , , , , , , , , , , , 
> , , , , , , , , , , , ,  3Apr2016 10:39:19, 0, VPN-1 & FireWall-1, , , , , , 
> , , , , , , , , , , , , , , , , , , , , , , , , , , 021050, , , , , , , , , , 
> , , , ,
> -------------------------------
> {"timestamp2":"Apr 03 2016 
> 10:39:19","interfaceDirection":"inbound","original_string":"Apr 03 10:39:19 
> [10.255.255.255] Apr 03 2016 10:39:19: %CHKPNT-6-021050: keyinst, 
> tattoine_rey3, inbound, daemon, , , , , , , , , , , , , , , , , , , , , , , , 
> , , , , , , ,  3Apr2016 10:39:19, 0, VPN-1 & FireWall-1, , , , , , , , , , , 
> , , , , , , , , , , , , , , , , , , , , , 021050, , , , , , , , , , , , , 
> ,","action":"keyinst","ipAddress":"10.255.255.255","eventDate":"3Apr2016 
> 10:39:19","tbd54":"021050","origin":"tattoine_rey3","eventSource":"VPN-1 & 
> FireWall-1","interfaceName":"daemon","timestamp":1459679959000,"tbd22":"0","source.type":"checkpointfirewall"}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
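
The key=value audit record quoted in the issue above can be turned into the flat JSON shape the issue shows with a small parser. The Python below is an added example, not code from the issue or from Metron. The function name `parse_checkpoint_audit` is hypothetical, and it assumes the syslog timestamp is UTC with its year taken from the device timestamp, which reproduces the epoch value in the issue. It handles only the key=value form and rejects the positional comma-separated record.

```python
import re
from calendar import timegm
from time import strptime

# First sample line from the issue, with the e-mail line wrapping removed.
SAMPLE = ('Apr 03 10:39:08 [10.255.255.255] Apr 03 2016 10:39:07: %CHKPNT-1-080080: '
          'Origin=tattoine_rey3,Application=Unknown,Operation="Log In",'
          'Subject="Administrator Login",Audit Status=Failure,'
          'Info="Administrator failed to log in: No SIC error message",'
          'Operation Number=11,client_ip=10.255.255.255,')

HEADER = re.compile(
    r'^(?P<syslog_ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \[(?P<ip>[^\]]+)\] '
    r'(?P<ts2>\w{3} \d{2} (?P<year>\d{4}) \d{2}:\d{2}:\d{2}): '
    r'%CHKPNT-\d-\d+:\s*(?P<body>.*)$')
# A value is a double-quoted string (which may contain commas) or a bare token.
PAIR = re.compile(r'\s*([^=,"]+?)\s*=\s*("[^"]*"|[^,]*)\s*(?:,|$)')

def parse_checkpoint_audit(line):  # hypothetical name, not a Metron API
    line = line.strip()
    m = HEADER.match(line)
    if m is None:
        raise ValueError('not a %CHKPNT syslog line')
    body = m.group('body')
    if '=' not in body:
        raise ValueError('positional record, not key=value')
    event, pos = {}, 0
    while pos < len(body):
        pair = PAIR.match(body, pos)
        if pair is None:
            raise ValueError('malformed field at offset %d' % pos)
        # "Audit Status" -> "audit_status"; quotes stay, as in the issue's JSON.
        event[pair.group(1).lower().replace(' ', '_')] = pair.group(2)
        pos = pair.end()
    # Assumption: the syslog stamp is UTC and takes its year from the device stamp.
    t = strptime(m.group('year') + ' ' + m.group('syslog_ts'), '%Y %b %d %H:%M:%S')
    # Set parser-owned fields last so a field named "timestamp" or "source.type"
    # inside the log body cannot overwrite them.
    event.update({'original_string': line, 'source.type': 'checkpointfirewall',
                  'ipAddress': m.group('ip'), 'timestamp2': m.group('ts2'),
                  'timestamp': timegm(t) * 1000})
    return event

if __name__ == '__main__':
    import json
    print(json.dumps(parse_checkpoint_audit(SAMPLE), indent=2))
```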
