[fwgold-users] Re: Offline log not recognized (new log format?)
- From: "Gianluca Rotoni" <gianluca@xxxxxxxxxx>
- To: fwgold-users@xxxxxxxxxxxxx
- Date: Wed, 28 May 2003 08:15:22 +0200
Hi,
The FwGold offline log parser uses the same format as the on-line one,
i.e. the output of the "fw log" command.
Try this and let me know.
Regards,
Gianluca
> Hello, I am trying to use fwgold in offline mode on linux (redhat 7.3) with
> log files from Checkpoint NG FP3 and I believe that fwgold doesn't recognize
> my log format.
> See below!
> When I try to import a data file, I have the following errors :
> [root@lvshost fwgold-2.0.10beta]# ./bin/fwgold --config ./etc/fwgold.conf
> --updatedb --offline /usr/2003-05-26.orig --mode client --graphics --makehtml
> --start 2003/05/26 --debug | more
> DB => fw-connections
> MATCH => total
> KEY => COUNTER
> VALUE => 0
> KEY => COLOR
> VALUE => #FF0000
> MATCH => tcp
> KEY => COUNTER
> VALUE => 0
> KEY => COLOR
> VALUE => #00FF00
> KEY => FILTER
> FILTER => proto,eq,tcp
> MATCH => udp
> KEY => COUNTER
> VALUE => 0
> KEY => COLOR
> VALUE => #0000FF
> KEY => FILTER
> FILTER => proto,eq,udp
> MATCH => icmp
> Use of uninitialized value in concatenation (.) or string at ./bin/fwgold
> line 373, <OFFLINE> line 1.
> Use of uninitialized value in concatenation (.) or string at ./bin/fwgold
> line 373, <OFFLINE> line 2.
> and so on....
>
> By the way, to produce my offline log I used this : fwm logexport -n <input
> file> <output file>
> and I have checked in file fwgold.conf that version parameter is set to NG.
>
> I tried to see if there is some differences between old log files from an
> example I fetch from Internet and my log files. It seems I have more
> informations
> in my logs.
> headers from the log file I fetch from internet:
> num;date;time;orig;type;action;alert;i/f_name;i/f_dir;proto;src;dst;service;s_port;len;rule;icmp-type;icmp-code;h_len;ip_vers;sys_msgs
>
> and now my headers:
> num;date;time;orig;type;action;alert;i/f_name;i/f_dir;product;src;dst;proto;rule;service;s_port;xlatesrc;xlatedst;NAT_rulenum;NAT_addtnl_rulenum;xlatedport;xlatesport;th_flags;message_info;icmp-type;icmp-code;log;attack;sys_message:;System
> Alert message;Object;Field;Previous value;Current value;Attack Info
>
>
> the two first data lines of my log files :
> 0;26May2003;23:59:00;192.168.99.11;log;accept;;eth-s2p1c0;inbound;VPN-1 &
> FireWall-1;192.168.8.10;192.168.2.4;tcp;18;https;17765;;;;;;;;;;;;;;;;;;;
> 1;26May2003;23:59:00;192.168.99.21;log;accept;;eth-s1p2c0;inbound;VPN-1 &
> FireWall-1;192.168.8.10;192.168.2.4;tcp;55;https;17765;;;;;;;;;;;;;;;;;;;
>
> Any1 have made fwgold work with NG FP3 ?
>
>
> _Bruno PATIES_
> Security Engineer
> Toulouse, France.
>
>
>
> =================================================
> Archives of this mailing list's
> messages ca be retrieved from
> //www.freelists.org/archives/fwgold-users
> =================================================
> To unsubscribe from this maling list
> send a mail to fwgold-users-request@xxxxxxxxxxxxx
> with the word "unsubscribe" as subject.
> =================================================
> To administer your account visit the site :
> //www.freelists.org/cgi-bin/lsg2.cgi
> =================================================
>
=================================================
Archives of this mailing list's
messages ca be retrieved from
//www.freelists.org/archives/fwgold-users
=================================================
To unsubscribe from this maling list
send a mail to fwgold-users-request@xxxxxxxxxxxxx
with the word "unsubscribe" as subject.
=================================================
To administer your account visit the site :
//www.freelists.org/cgi-bin/lsg2.cgi
=================================================
Other related posts:
