Roger Olofsson wrote:
>
> Dear email-list,
>
> I am wondering what tool to use to analyze log files from a Dlink DFL700 firewall.
> The log file looks very much like a Clavister firewall logfile and I suspect that so
> is the case.

Indeed. D-Link are licensing our tech for the DFL-700 (well, plus a web gui that
doesn't look anything like how we normally do stuff, but that's segment
specialization for you :))

> I have seen that Clavister parses their log files and sends them to Webtrends for
> analysis, but this feels like 'using a web server analysis tool to analyze a
> firewall'. I haven't tried Webtrends so I don't know what it can accomplish though.

Actually, it's "Webtrends for Firewalls", so it's a bit better than a webserver
stat report. But, yeah, its origins do show :)

> My question is, is there an existing log analysis tool for the Dlink
> (Clavister?)? If so, please let me know.

D-Link hasn't put up any info on this yet so I'll just point you at our KB articles.

Webtrends for Firewalls:
http://www.clavister.com/support/kb/10035/
(batch converter from our log format to WELF)

eIQnetworks FirewallAnalyzer Enterprise:
http://www.clavister.com/support/kb/10035/
(eIQnetworks has a built-in analyzer for our log format)

Simple top N talkers scripts (unix and windows):
http://www.clavister.com/support/kb/10039/

The windows version assumes the Clavister firewall logger, which the DFL-700
doesn't talk to, but some copying from the unix scripts lets you deal with
syslog data under windows equally well.

If you want to roll your own, you can use the awk script included in either
KB10035 or KB10039 as a starting point. The log format is "name=value" pairs
all the way, and values containing spaces are always quoted.
Or wrap each line in "<event " and "/>" pairs and feed them to an XML parser :P

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
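The "roll your own" route the reply sketches, worked through as an added example (this is not the poster's awk script, nor Clavister's or D-Link's code): a tokenizer for "name=value" lines in which values containing spaces are double-quoted, plus a top-N-talkers report on top of it, in Python rather than awk. The sample lines are constructed; the field names (srcip, destip, destport, action, rule, desc, ...) and the syslog prefix are assumptions for illustration, not the DFL-700's documented schema. The one thing a naive `split()` on spaces gets wrong is exactly what the quoting exists for: `rule="Allow Web"` is one field, and a quoted value may even contain a further `=`.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the "name=value" style the post describes:
# every field is key=value, and any value containing a space is double-quoted.
# Field names and the syslog prefix are assumptions for illustration only.
# The last line is deliberately truncated inside a quoted value.
SAMPLE_LINES = [
    'Mar 12 12:00:01 dfl700 prio=1 event=conn_open action=open recvif=lan srcip=192.168.1.10 destip=10.0.0.5 destport=443 rule="Allow Web"',
    'Mar 12 12:00:02 dfl700 prio=1 event=conn_open action=open recvif=lan srcip=192.168.1.10 destip=10.0.0.5 destport=80 rule="Allow Web"',
    'Mar 12 12:00:03 dfl700 prio=1 event=conn_open action=open recvif=lan srcip=192.168.1.22 destip=10.0.0.9 destport=25 rule="Allow Mail"',
    'Mar 12 12:00:04 dfl700 prio=2 event=ruleset_drop action=drop recvif=wan srcip=203.0.113.7 destip=192.0.2.1 destport=22 rule="Default Drop" desc="no matching rule"',
    'Mar 12 12:00:05 dfl700 prio=2 event=ruleset_drop action=drop recvif=wan srcip=203.0.113.7 destip=192.0.2.1 destport=23 rule="Default Drop"',
    'Mar 12 12:00:06 dfl700 prio=2 event=ruleset_drop action=drop recvif=wan srcip=198.51.100.4 destip=192.0.2.1 destport=445 rule="Default Drop"',
    'Mar 12 12:00:07 dfl700 prio=3 event=admin_login action=allow srcip=192.168.1.10 user=admin desc="login via https, session=4711"',
    'Mar 12 12:00:08 dfl700 prio=2 event=ruleset_drop action=drop recvif=wan srcip=198.51.100.4 desc="truncated',
]

# A field is an identifier, "=", then either a double-quoted string (which may
# contain spaces and further "=" characters) or a run of non-space characters.
# Text that is not key=value, such as the syslog timestamp/hostname prefix, is
# simply not matched and therefore ignored.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Return the name=value pairs of one log line as a dict.

    Quoted values have their quotes stripped. A value that opens a quote but
    never closes it (a truncated or garbled line) is rejected with ValueError
    instead of silently yielding a half value. If a key repeats, the last
    occurrence wins.
    """
    fields = {}
    for key, raw in FIELD_RE.findall(line):
        if raw.startswith('"'):
            if len(raw) < 2 or not raw.endswith('"'):
                raise ValueError(f"unterminated quoted value for {key!r}: {line!r}")
            raw = raw[1:-1]
        fields[key] = raw
    return fields


def top_talkers(lines, key="srcip", n=5, action=None):
    """Rank the most common values of `key` across the given lines.

    `action`, if given, restricts the count to lines whose action field equals
    it (e.g. "drop" for a "who is hammering the firewall" view). Lines that do
    not parse are skipped and counted, so one garbled line cannot abort a report
    over a whole day's logs. Returns (ranking, number_of_skipped_lines).
    """
    counts = Counter()
    skipped = 0
    for line in lines:
        try:
            fields = parse_line(line)
        except ValueError:
            skipped += 1
            continue
        if key not in fields:
            continue
        if action is not None and fields.get("action") != action:
            continue
        counts[fields[key]] += 1
    return counts.most_common(n), skipped


if __name__ == "__main__":
    ranking, skipped = top_talkers(SAMPLE_LINES, "srcip", n=3)
    print("top sources (all events):", ranking, "- skipped lines:", skipped)
    ranking, skipped = top_talkers(SAMPLE_LINES, "srcip", action="drop")
    print("top dropped sources:", ranking)
    ranking, skipped = top_talkers(SAMPLE_LINES, "destport", action="drop")
    print("most probed destination ports:", ranking)
```

For real syslog data replace `SAMPLE_LINES` with `sys.stdin` (one line per record, as syslog delivers them). The parser deliberately tolerates whatever the syslog daemon prepends, because the prefix carries no `=` and so never matches; the downside is that a hostile or broken line with stray `key=value` text inside a quoted field is only kept intact because quoted values are matched first, which is why the regex tries the quoted alternative before `\S+`.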
This archive was generated by hypermail 2b30 : Fri Mar 12 2004 - 12:12:37 PST