Re: [FW-1] Looking for a good reporting tool

[Eric Appelboom <eric@FW1-NOSPAMMWEB.COM>]

The best Logfile parser I have found is SAWMILL from www.flowerfire.com
Sawmill directly supports the following log formats and rus on almost
any platform

Apache Combined With Visitor Cookie
Apache Error Log Format
Apache/NCSA Combined Format With Cookie Last
Apache/NCSA Combined Format With Server Domain After Date
Apache/NCSA Combined Format With Server Domain After Host
Apache/NCSA Combined Format With Server Domain After Size
Apache/NCSA Combined Format With Server Domain Before Host
Apache/NCSA Combined Format With Visitor Cookie
Apache/NCSA Combined Format With WebTrends Cookie
Apache/NCSA Combined Log Format
Apple File Service Log Format
AppleShare IP Log Format
Bind Query Log Format
Bind Response Checks Log Format
Bind Security Log Format
Bulletproof Log Format
Checkpoint Text Log Format
Cisco 827 Log Format (Kiwi, Full Dates, Tabs)
Cisco IOS
Cisco IOS Audit Trail Log Format
Cisco IOS, Alternate
Cisco PIX Log Format
Cisco PIX Log Format (Kiwi)
Cisco PIX Log Format (Kiwi, Full Dates)
Cisco PIX Log Format (Kiwi, Full Dates, Alternate)
Cisco PIX Log Format (Kiwi, Full Double Dates, Tabs)
Cisco PIX Log Format (Unknown Syslogd)
Cisco PIX using Redcreek System Message Viewer Format
Cisco PIX using Redcreek System Message Viewer Format
Cisco PIX, Cisco Syslogd Log Format
Cisco PIX, Syslogd, Alternate Log Format
Combined Proxy Log Format
Common Access Log Format
Common Access Log Format (Claranet)
Common Access Log Format (WebSTAR)
Common Access Log Format, with full URLs
Common Error Log Format
Common Proxy Log Format
Common Referrer Log Format
Communigate Log Format
Communigate Pro Log Format
Filemaker Log Format
Firewall-1 (fw log) Log Format
Firewall-1 (fw logexport) Log Format
Firewall-1 Log Format
G6FTP Log Format
Gauntlet Log Format
Generic W3C Web Server Log Format
GNATBox Log Format
GNATBox Log Format (Long Dates)
GNATBox/Kiwi Log Format
IAS Log Format
IceCast Log Format
IIS 3 Extended Log Format
IIS 3 Log Format
IIS 3 Log Format (dd/mm/yy dates)
IIS 4 or IIS 5 Log Format
iMail Log Format
iMail Log Format, Alternate
ipchains Log Format
iPlanet Error Log Format
IPMon Log Format
iptables Log Format
IPTraf Log Format
Java Bean Application Server Log Format
LinkSys Router Log Format
LISTSERV Log Format
MacOS X FTP Log Format
Mail Essentials Log Format
Microsoft ISA WebProxy Log Format (W3C)
Microsoft Media Server Log Format
Microsoft Proxy Log Format
Microsoft Proxy Log Format (d/m/yy dates)
Miva Access Log Format
NetPresenz Log Format
NetPresenz Log Format (24-hour times, d/m/y dates)
NetPresenz Log Format (d/m/y dates)
Netscape Log Format
Netscape Messenger Log Format
O'Reilly Log Format
Plesk Server Administrator Web Log
Policy Directory Audit Log Format
Policy Directory Security Audit Trail Log Format
portsentry Log Format
Postfix Log Format
ProxyPlus Log Format
Quicktime Streaming Server Log Format
Radius ACT Log Format
Raptor Log Format
Raptor Log Format (Alternate)
RealServer Error Log Format
RealServer Log Format
RealServer Log Format, Alternate
Rumpus Log Format
SecureIIS Log Format
Serv-U FTP Log Format
ShareWay IP Log Format
Shoutcast 1.6 Log Format
Shoutcast 1.8 Log Format
SIMS Log Format
SiteCAM Log Format
SiteKiosk Log Format
Snort Log Format
Software602 Log Format
Squid Log Format
Squid Log Format With Full Headers
tcpdump Log Format (-tt)
tcpdump Log Format (-tt, with interface)
Tiny Personal Firewall Log Format
UNIX FTP Log Format
UNIX Sendmail Log Format
VICOM Gateway Log Format
W3SVC64 Log Format
WebSEAL Audit Log Format
WebSEAL Security Manager Log Format
WebSEAL Wand Audit Log Format
WebSEAL Warning Log Format
WebSTAR FTP Log Format
WebSTAR Log Format
Welcome Log Format
Winproxy Log Format
Winproxy Log Format (2-digit years)
WinRoute Mail Log Format
Wipro Websecure Audit Log Format
Wipro Websecure Debug Log Format
WS_FTP Log Format
WU-FTP Log Format
Zeus Extended Log Format
Zeus Log Format (Alternate Dates)
Zone Alarm Log Format

-----Original Message-----
From: William Rosenberry [mailto:wrosenberry@LUCENT.COM]
Sent: 11 December 2001 10:39
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: Re: [FW-1] Looking for a good reporting tool


My current client is likes what were doing with WebTrends Firewall
Suite. You can set it up to retrieve the logs live (opsec lea) schedule
reports to run in the middle of the night, ship the reports off to a
webserver where they can view them.

I also wanted to do a report on the logs showing what has gone on in the
last hour, but unless your using UTC time zone on your firewall it will
not work (until the next release they say)


On 11 Dec 2001 at 13:22, Robin Brewer wrote:

>
> I am looking for a good tool for generating usage reports from the
> FW-1 logs. Any recommendations ? Thanks,
> Robin

=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
If you have any questions on how to change your
subscription options, email Ron Alcatraz at: ralcatra@ts.checkpoint.com
=================================================

=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
If you have any questions on how to change your
subscription options, email Ron Alcatraz at:
ralcatra@ts.checkpoint.com
=================================================