Watchguard Firebox
Francis J. Lacoste
flacoste at logreport.org
Wed Jul 28 23:01:03 CEST 2004
On July 28, 2004 10:34, Tcollin at nattech.net wrote:
> I'm running Lire 1.5 on Defiant. I used the apt-get install to set it up.
> I will read the manage but if you have any idea how to get the logs from
> Watch, which are *.wall files, and convert them to a format that Lire will
> like, please send it to me.
It is not clear for which version of the Watchguard firewall the current
converter is working. It is pretty old and I think others reported problems
with recent versions of the product.
From reading the code, I can say that it is expecting a log file in
syslog format with a format like:
Jul 16 00:00:39 firewall firewalld[130]: deny out eth1:0 61 udp 20 63 10.0.2.194 10.0.0.45 1024 53 (DNS-nonaxi)
But like I said, this converter worked with Watchguard as of two years ago. I'm
pretty sure that your version is more recent and has a different log format.
Anyway, if you can write a little bit of Perl, it's not very hard to implement
your own Dlf converter which will work with your more recent version. There
is a boilerplate converter in doc/examples and if you run into any problems,
don't hesitate to post here.
Thanks for your interest in LogReport, kind regards,
Francis J. Lacoste
--
Francis J. Lacoste . . http://www.logreport.org
/^LogReport$/ . . flacoste at logreport.org
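
As an added illustration (not part of the original message and not Lire's own converter code), the following stand-alone Perl script checks whether log lines match the layout quoted in the message and reports the ones that do not. The field names are assumptions, since the message does not label the columns, and the script uses no Lire API.

```perl
#!/usr/bin/perl
# Added example: tests syslog lines against the layout quoted in the message.
# Field names are assumptions; the message does not label the columns.
use strict;
use warnings;

my $line_re = qr{
    ^(\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+   # syslog timestamp
    (\S+)\s+firewalld\[\d+\]:\s+               # host, then daemon[pid]
    (\w+)\s+(\w+)\s+(\S+)\s+                   # action, direction, interface
    (\d+)\s+(\w+)\s+(\d+)\s+(\d+)\s+           # length, protocol, hdr len, TTL (assumed)
    (\d{1,3}(?:\.\d{1,3}){3})\s+               # source address
    (\d{1,3}(?:\.\d{1,3}){3})\s+               # destination address
    (\d+)\s+(\d+)\s+                           # source port, destination port
    \(([^)]*)\)\s*\z                           # rule name in parentheses
}x;

# Returns a hash reference of named fields, or undef if the layout differs.
sub parse_line {
    my ($line) = @_;
    my @f = $line =~ $line_re or return;
    my %rec;
    @rec{qw(time host action direction interface length protocol
            hdr_len ttl src_ip dst_ip src_port dst_port rule)} = @f;
    return \%rec;
}

my @sample = (
    # Line quoted in the message, rejoined onto one line.
    'Jul 16 00:00:39 firewall firewalld[130]: deny out eth1:0 61 udp 20 63 '
      . '10.0.2.194 10.0.0.45 1024 53 (DNS-nonaxi)',
    # Constructed line in a made-up layout, standing in for a format change.
    'Jul 16 00:00:41 firewall firewalld[130]: action=deny proto=udp dst=10.0.0.45',
);

# Read the files named on the command line, or fall back to the samples.
my @lines = @ARGV ? <> : @sample;
chomp @lines;

my ($ok, $bad) = (0, 0);
for my $line (@lines) {
    if (my $r = parse_line($line)) {
        $ok++;
        printf "%s %s %s:%s -> %s:%s rule=%s\n",
            @{$r}{qw(action protocol src_ip src_port dst_ip dst_port rule)};
    } else {
        $bad++;
        print "UNMATCHED: $line\n";
    }
}
print "$ok matched, $bad unmatched\n";
```

A high unmatched count on your own exported logs indicates that the layout differs from the one quoted here and that a custom converter is needed.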