Tina Bird wrote:
> On Wed, 11 Dec 2002, Rainer Gerhards wrote:
>
>>A - hopefully easy - config question. I am currently searching for how
>>to configure firewall one to report to syslog. The more search I do, the
>>more I have the impression this is at least hard to do. Am I missing
>>something obvious?
>>
>>I appreciate any response to the potentially silly question... Ah, yes,
>>I don't have a FW-1 at hand, that is part of the problem ;)
>
> I'm working on configuration guides for a variety of devices, including
> Cisco routers and FW-1 boxen, to talk to syslog. Rainer, I'll send you my
> not-ready-for-prime-time notes on FW-1 off line. Bear in mind that
> they're only good for FW-1 on UNIX...they depend on the UNIX "logger"
> utility.

One relatively easy way to do this is to use the UserDefined option for the
rule and specify an external program in the user defined option for policy
properties. This will send the log entry as a parameter to the program.

I once saw this going to a batch file that appended the data to a text
file, to avoid exporting the data later.

--
Wayne Pierce
wayneat_private

New England Information Security Users Group ("NEISUG")
http://www.neisug.com

Regional Electronic And Computer Crimes Taskforce ("REACCT")
http://www.raynhampd.com/REACCT.htm

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
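The approach described in the message above (a UserDefined external program that hands the entry to the UNIX "logger" utility), sketched as an added example that is not part of the original thread or anyone's actual notes. It assumes the log entry arrives as command-line arguments, as the message describes; the facility `local4`, the tag `fw1`, and the function names are arbitrary choices for illustration.

```shell
#!/bin/sh
# Added example: wrapper script for a FW-1 UserDefined alert command on UNIX.
# Assumptions: the log entry is passed as arguments; local4/fw1 are arbitrary.

MAX_LEN=900   # stay well under the 1024-byte limit of classic BSD syslog

# Collapse the entry to a single printable line so that a newline or control
# character embedded in a field cannot split it into extra syslog records.
sanitize_entry() {
    printf '%s' "$*" \
        | LC_ALL=C tr '\r\n\t' '   ' \
        | LC_ALL=C tr -cd '\040-\176' \
        | cut -c1-"$MAX_LEN"
}

# Hand the cleaned entry to the local syslog daemon via logger(1).
# "--" stops option parsing, so an entry starting with "-" is not read as a flag.
forward_entry() {
    entry=$(sanitize_entry "$@")
    [ -n "$entry" ] || return 0
    logger -p local4.info -t fw1 -- "$entry"
}

# Only forward when invoked with an entry (i.e. when called by the firewall).
if [ "$#" -gt 0 ]; then
    forward_entry "$@"
fi
```

A matching `local4.*` line in syslog.conf then decides whether the entries stay local or go to a remote loghost.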
This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 16:25:31 PST