[ https://issues.apache.org/jira/browse/METRON-182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Sirota updated METRON-182:
--------------------------------
    Assignee: Casey Stella

> Create Checkpoint Firewall parser
> ---------------------------------
>
> Key: METRON-182
> URL: https://issues.apache.org/jira/browse/METRON-182
> Project: Metron
> Issue Type: New Feature
> Reporter: Sunny Kumar
> Assignee: Casey Stella
> Priority: Minor
> Labels: ParserExtension
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> Parse checkpoint firewall logs. The format is as below:
> Apr 03 10:39:08 [10.255.255.255] Apr 03 2016 10:39:07: %CHKPNT-1-080080:
> Origin=tattoine_rey3,Application=Unknown,Operation="Log
> In",Subject="Administrator Login",Audit Status=Failure,Info="Administrator
> failed to log in: No SIC error message",Operation
> Number=11,client_ip=10.255.255.255,
> -------------------------------
> {"subject":"\"Administrator Login\"","timestamp2":"Apr 03 2016
> 10:39:07","origin":"tattoine_rey3","ipAddress":"10.255.255.255","audit_status":"Failure","source.type":"checkpointfirewall","original_string":"Apr
> 03 10:39:08 [10.255.255.255] Apr 03 2016 10:39:07: %CHKPNT-1-080080:
> Origin=tattoine_rey3,Application=Unknown,Operation=\"Log
> In\",Subject=\"Administrator Login\",Audit
> Status=Failure,Info=\"Administrator failed to log in: No SIC error
> message\",Operation
> Number=11,client_ip=10.255.255.255,","application":"Unknown","client_ip":"10.255.255.255","operation_number":"11","operation":"\"Log
> In\"","timestamp":1459679948000,"info":"\"Administrator failed to log in: No
> SIC error message\""}
> ###################
> Apr 03 10:39:19 [10.255.255.255] Apr 03 2016 10:39:19: %CHKPNT-6-021050:
> keyinst, tattoine_rey3, inbound, daemon, , , , , , , , , , , , , , , , , , ,
> , , , , , , , , , , , , 3Apr2016 10:39:19, 0, VPN-1 & FireWall-1, , , , , ,
> , , , , , , , , , , , , , , , , , , , , , , , , , , 021050, , , , , , , , , ,
> , , , ,
> -------------------------------
> {"timestamp2":"Apr 03 2016
> 10:39:19","interfaceDirection":"inbound","original_string":"Apr 03 10:39:19
> [10.255.255.255] Apr 03 2016 10:39:19: %CHKPNT-6-021050: keyinst,
> tattoine_rey3, inbound, daemon, , , , , , , , , , , , , , , , , , , , , , , ,
> , , , , , , , 3Apr2016 10:39:19, 0, VPN-1 & FireWall-1, , , , , , , , , , ,
> , , , , , , , , , , , , , , , , , , , , , 021050, , , , , , , , , , , , ,
> ,","action":"keyinst","ipAddress":"10.255.255.255","eventDate":"3Apr2016
> 10:39:19","tbd54":"021050","origin":"tattoine_rey3","eventSource":"VPN-1 &
> FireWall-1","interfaceName":"daemon","timestamp":1459679959000,"tbd22":"0","source.type":"checkpointfirewall"}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
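
The key=value sample in the issue, parsed into the JSON shown beneath it, as an added Python example that is not Metron's parser code. It covers only the key=value form, not the positional comma-separated one; the names `parse_checkpoint_kv`, `HEADER` and `PAIR`, and the reading of the syslog time as UTC, are assumptions made for this example.

```python
import re
from calendar import timegm
from time import strptime

# Constructed: the first sample from the issue, joined back onto one line.
SAMPLE = ('Apr 03 10:39:08 [10.255.255.255] Apr 03 2016 10:39:07: '
          '%CHKPNT-1-080080: Origin=tattoine_rey3,Application=Unknown,'
          'Operation="Log In",Subject="Administrator Login",'
          'Audit Status=Failure,Info="Administrator failed to log in: '
          'No SIC error message",Operation Number=11,client_ip=10.255.255.255,')

HEADER = re.compile(
    r'^(?P<syslog_ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \[(?P<ip>[^\]]+)\] '
    r'(?P<ts2>\w{3} \d{2} (?P<year>\d{4}) \d{2}:\d{2}:\d{2}): '
    r'%CHKPNT-\d+-\d+: (?P<body>.*)$')
# key=value, where the value is a double-quoted run (may contain commas,
# colons or '=') or a bare run up to the next comma.
PAIR = re.compile(r'\s*(?P<key>[^=,"]+)=(?P<value>"[^"]*"|[^,"]*)(?:,|$)')


def parse_checkpoint_kv(line):
    """Return the event dict for a key=value line, or None if malformed."""
    line = line.strip()
    m = HEADER.match(line)
    if m is None:
        return None
    event, body, pos = {}, m.group('body'), 0
    while pos < len(body):
        pair = PAIR.match(body, pos)
        if pair is None:
            # Unparsed remainder (positional format, unterminated quote):
            # reject rather than emit a partial record.
            return None
        key = pair.group('key').strip().lower().replace(' ', '_')
        event[key] = pair.group('value')  # quotes kept, as in the issue's JSON
        pos = pair.end()
    # Header-derived fields are written last so a body key cannot replace them.
    # Assumption: the syslog time is UTC and takes its year from the second
    # timestamp; this reproduces the epoch value in the issue's expected output.
    ts = strptime(m.group('syslog_ts') + ' ' + m.group('year'),
                  '%b %d %H:%M:%S %Y')
    event.update({
        'timestamp': timegm(ts) * 1000,
        'timestamp2': m.group('ts2'),
        'ipAddress': m.group('ip'),
        'source.type': 'checkpointfirewall',
        'original_string': line,
    })
    return event
```

Returning `None` for a line that does not parse cleanly lets the caller route it to an error queue instead of indexing a record with missing fields.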