Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] log file headers

To: "'Ned Fleming'" <[email protected]>, [email protected]
Subject: RE: [FW1] log file headers
From: "Reed Mohn, Anders" <[email protected]>
Date: Mon, 28 May 2001 11:17:36 +0200
Sender: [email protected]


My guess is this happens because FW-1
adds the columns to the file as they are used.
For instance, the IKE-log field doesn't show
unless I have installed a security policy during
the timespan of the log.

You can't control this, but someone posted
earlier that they'd talked to Checkpoint about it;
apparently CP said it's a bug that will be fixed in a 
"future release".

I.e. the current (and maybe the next few..) generation of FW-admins will 
just have to deal with this on their own. I have small log files, so
I can easily sort them in MS Excel before importing them into my database.

Cheers,
Anders :)




-----Original Message-----
From: Ned Fleming [mailto:[email protected]]
Sent: 24. mai 2001 23:05
To: [email protected]
Subject: [FW1] log file headers




Our management console ftps our logs to a FreeBSD box, where we can
parse them (or combine them and parse them) with scripts.

The problem is in the logs themselves. Here is the first line from
each of the last 6 days.

num,date,time,orig,type,action,alert,i/f_name,i/f_dir,proto,src,dst,
rule,icmp-type,icmp-code,xlatesrc,xlatedst,service,s_port,len,reason:,
xlatesport,xlatedport,port:,IKELog:,sys_msgs

num,date,time,orig,type,action,alert,i/f_name,i/f_dir,proto,src,dst,
service,s_port,len,rule,xlatesrc,xlatedst,reason:,xlatesport,xlatedport,
icmp-type,icmp-code,port:,sys_msgs

num,date,time,orig,type,action,alert,i/f_name,i/f_dir,proto,src,dst,
service,s_port,len,rule,xlatesrc,xlatedst,reason:,xlatesport,xlatedport,
icmp-type,icmp-code,IKELog:,port:,sys_msgs

num,date,time,orig,type,action,alert,i/f_name,i/f_dir,proto,src,dst,
service,s_port,len,rule,xlatesrc,xlatedst,icmp-type,icmp-code,xlatesport,
xlatedport,reason:,port:,IKELog:,sys_msgs

num,date,time,orig,type,action,alert,i/f_name,i/f_dir,proto,src,dst,
service,s_port,len,rule,xlatesrc,xlatedst,icmp-type,icmp-code,xlatesport,
xlatedport,reason:,port:,IKELog:,sys_msgs

num,date,time,orig,type,action,alert,i/f_name,i/f_dir,proto,src,dst,
service,s_port,len,rule,xlatesrc,xlatedst,xlatesport,xlatedport,icmp-type,
icmp-code,reason:,port:,IKELog:,sys_msgs

My question is this: Why does the order of the columns change from day
to day? How do I control this?

Thanks.

Ned Fleming


-- 
Ned Fleming


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Unknown established TCP packet
Next by Date: RE: [FW1] Secure Remote with NAT client
Previous by thread: [FW1] log file headers
Next by thread: [FW1] Minimum for Fw-1
Index(es):
- Date
- Thread