RE: [logs] What log analyzer to use for Dlink DFL700 (aka Clavist er)?

From: Sanford Whitehouse (SanfordW@private)
Date: Thu Mar 11 2004 - 18:48:40 PST

  • Next message: Rainer Gerhards: "RE: [logs] Log Samples Requested"

    WebTrends has a log format called WELF (WebTrends Enhanced Log Format).
    It's intended for firewalls and VPNS.  A good few products use it.  More
    information can be found at ...

    Sanford Whitehouse
    Counterpane Internet Security
    > -----Original Message-----
    > From: Roger Olofsson [mailto:roger.olofsson@private]
    > Sent: Wednesday, March 10, 2004 7:23 AM
    > To: loganalysis@private
    > Subject: [logs] What log analyzer to use for Dlink DFL700 (aka
    > Clavister)?
    > Dear email-list,
    > I am wondering what tool to use to analyze log files from a 
    > Dlink DFL700 firewall.
    > The log file looks very much like a Clavister firewall 
    > logfile and I suspect that so
    > is the case.
    > I have searched Internet for tools and so far I have found 
    > (via the excellent
    > site) swatch, logcheck, logsurfer, fwanalog 
    > and others. Some of
    > these have regexps that could be modified for the Dlink 
    > (Clavister?) log file format
    > but some have not.
    > I have seen that Clavister parses their log files and sends 
    > them to Webtrends for
    > analysis, but this feels like 'using a web server analysis 
    > tool to analyze a
    > firewall'. I haven't tried Webtrends so I don't know what it 
    > can accomplish though.
    > My question is, is there an existing log analyze tool for the 
    > Dlink (Clavister?)? If
    > so, please let me know.
    > Thanks in advance.
    > /Roger Olofsson
    > _______________________________________________
    > LogAnalysis mailing list
    > LogAnalysis@private
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Thu Mar 11 2004 - 19:03:33 PST