On Sun, 2 Sep 2001, Ralf Hildebrandt wrote:

> On Sun, Sep 02, 2001 at 08:31:07AM +0200, Mamoat_private wrote:
> > How is it possible to send the FW-1 log to a central syslog
> > server in real time.
>
> Does FW-1 use syslog() calls at all? If yes, the "man syslog.conf"
> Or have they done their own reinvention of syslog() ?

Sorry, but FW-1 will not send firewall logs to Syslog (not that I've ever found). It's a proprietary format so it's not like you can even run Swatch on the firewall itself.

A better bet may be to run something like Netfilter in front or behind FW-1. The bonus is that you can take advantage of its log prefixing capability. Something like:

    iptables -A FORWARD -p tcp --tcp-flags ALL SYN,FIN -j LOG --log-prefix " SYNFINSCAN "
    iptables -A FORWARD -p icmp -f -j LOG --log-prefix " ICMPFRAG "
    iptables -A FORWARD -p tcp -d 0/0 --dport 12345:12346 -j LOG --log-prefix " NETBUS "

This dumps the detected patterns to messages. Now you just have Swatch or whatever pattern match on the keywords you define.

HTH,
C

**************************************
cbrentonat_private

$ chown -R us:us yourbase
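
Added example, not part of the original message: a small Python matcher doing the keyword step the reply hands to Swatch, counting prefixed Netfilter entries per source address. The log line layout, the host name "gw" and every address in the sample are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Keywords taken from the --log-prefix values in the rules quoted above.
PREFIXES = ("SYNFINSCAN", "ICMPFRAG", "NETBUS")

# Assumed line layout: "<Mon DD HH:MM:SS> <host> kernel: <prefix> IN=... SRC=...".
# Requiring "kernel:" before the keyword and "IN=" after it stops the keyword
# from matching text that other daemons log on behalf of remote users.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ kernel: (?:\[[^\]]*\] )?\s*"
    r"(?P<prefix>" + "|".join(PREFIXES) + r")\s+(?P<fields>IN=.*)$"
)
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample of the messages file (host "gw" and addresses are made up).
SAMPLE = [
    "Sep  2 08:40:01 gw kernel:  SYNFINSCAN IN=eth0 OUT=eth1 SRC=192.0.2.10 "
    "DST=198.51.100.5 LEN=40 TTL=52 PROTO=TCP SPT=4021 DPT=80 SYN FIN ",
    "Sep  2 08:40:02 gw kernel:  SYNFINSCAN IN=eth0 OUT=eth1 SRC=192.0.2.10 "
    "DST=198.51.100.5 LEN=40 TTL=52 PROTO=TCP SPT=4022 DPT=25 SYN FIN ",
    "Sep  2 08:41:12 gw kernel:  ICMPFRAG IN=eth0 OUT=eth1 SRC=203.0.113.7 "
    "DST=198.51.100.5 LEN=1500 TTL=60 PROTO=ICMP ",
    "Sep  2 08:42:30 gw kernel:  NETBUS IN=eth0 OUT=eth1 SRC=203.0.113.7 "
    "DST=198.51.100.9 LEN=44 TTL=60 PROTO=TCP SPT=1050 DPT=12345 SYN ",
    # Not firewall entries: keyword inside another daemon's message, plain kernel line.
    "Sep  2 08:43:00 gw sshd[311]: Illegal user NETBUS from 192.0.2.99",
    "Sep  2 08:44:00 gw kernel: eth0: link up",
]

def parse(line):
    """Return (prefix, fields) for a prefixed Netfilter LOG line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("prefix"), dict(FIELD_RE.findall(m.group("fields")))

def summarize(lines):
    """Count matches per (prefix, source address)."""
    hits = Counter()
    for line in lines:
        parsed = parse(line)
        if parsed:
            prefix, fields = parsed
            hits[(prefix, fields.get("SRC", "?"))] += 1
    return hits

if __name__ == "__main__":
    for (prefix, src), count in sorted(summarize(SAMPLE).items()):
        print(f"{prefix:<12}{src:<16}{count}")
```
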
This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 11:41:18 PDT