Tina,

> On a UNIX FW-1, the configuration changes (which are
> >>critical<< security
> information) are stored in a file called cpmgmt.aud, within
> the FW-1 root log directory. It's plain text, so my FW-1 to
> syslog guide recommends just doing a "tail -f" and piping to
> logger. Assuming that the same file exists on NT, you'd need
> to find a way to do the equivalent -- have a process that
> monitors that file for additions, and then writes them to the
> Event Log.

If that file exists, we can do that with www.mwagent.com - it can forward those files.

>
> Network connection logs are stored in a
> Checkpoint-proprietary binary file. They supply a utility to
> convert them to ASCII, so the same general trick works:
> convert them to text, pipe them to logger. Since I didn't
> have any way to do that sort of sophisticated stuff on
> Windows (coding not being my strong suit), I usually just set
> the FW-1 to log network connections to SNMP and grabbed them that way.

Sounds easy enough to do for the DOS hacks ;) At least I'd try it and see a good chance. Problem: I don't have a FW-1 at hand. Somebody out there who has one and would like to try it together with me?

Rainer
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
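An added example, not part of the original message or of any tool named in it: a portable stand-in for the quoted "tail -f" piped to logger, which watches a plain-text audit file for appended lines and forwards them as UDP syslog. The class and function names, the `fw1audit` tag and the auth facility are assumptions, and audit lines are treated as opaque text because the message does not show the cpmgmt.aud format.

```python
import logging
import logging.handlers
import os
import sys
import time

class AuditFollower:
    """Return complete lines appended to a text file since the last poll()."""
    def __init__(self, path):
        self.path = path
        self.offset = os.path.getsize(path)  # like tail -f: skip existing content
        self.partial = b""                   # bytes of a line not yet terminated

    def poll(self):
        if os.path.getsize(self.path) < self.offset:
            # File shrank (truncated or replaced): re-read from the start.
            self.offset, self.partial = 0, b""
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            data = fh.read()
        self.offset += len(data)
        # Hold back a trailing fragment until the writer finishes the line.
        *complete, self.partial = (self.partial + data).split(b"\n")
        return [ln.rstrip(b"\r").decode("utf-8", "replace")
                for ln in complete if ln.strip()]

def forward(follower, emit):
    """Pass each new line to emit(); return how many were forwarded."""
    lines = follower.poll()
    for line in lines:
        emit(line)
    return len(lines)

def syslog_emitter(host, port=514, tag="fw1audit"):
    """Build an emit() that sends UDP syslog on the auth facility."""
    facility = logging.handlers.SysLogHandler.LOG_AUTH
    handler = logging.handlers.SysLogHandler(address=(host, port), facility=facility)
    handler.setFormatter(logging.Formatter(tag + ": %(message)s"))
    log = logging.getLogger(tag)
    log.setLevel(logging.INFO)
    log.addHandler(handler)
    return log.info

if __name__ == "__main__":
    follower = AuditFollower(sys.argv[1])   # path to the audit file
    emit = syslog_emitter(sys.argv[2])      # syslog collector host
    while True:
        forward(follower, emit)
        time.sleep(1)
```

A file that is replaced with one at least as large as the saved offset is not detected as rotated; comparing file identity (inode or creation time) between polls would close that gap.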
This archive was generated by hypermail 2b30 : Thu Dec 12 2002 - 09:01:10 PST