Dear All,

It seems fw1-loggrabber receives incomplete account logs from NG. When I enabled the online mode I got the following message, where there are no bytes/src/dst etc.

loc=4431|time=2005-09-17 20:25:01|action=accept|orig=169.254.140.18|i/f_dir=inbound|i/f_name=E10005|has_accounting=1|uuid=<432c2e44,00000000,128cfea9,000007b6>|product=VPN-1 & FireWall-1|__policy_id_tag=product=VPN-1 & FireWall-1[db_tag={DE3886FA-2DB5-40D3-951B-8D0CF9E50A05};mgmt=winner-w2k1;date=1126956602;policy_name=Standard]|src=192.168.111.175|s_port=38832|dst=192.168.118.165|service=18184|proto=tcp|rule=1

When I don't use the online mode and use the showlogs option, I got the same message with additional parameters. Check the loc value (4431) to verify.

loc=4431|time=2005-09-17 20:25:01|action=accept|orig=169.254.140.18|i/f_dir=inbound|i/f_name=E10005|has_accounting=1|uuid=<432c2e44,00000000,128cfea9,000007b6>|product=VPN-1 & FireWall-1|__policy_id_tag=product=VPN-1 & FireWall-1[db_tag={DE3886FA-2DB5-40D3-951B-8D0CF9E50A05};mgmt=winner-w2k1;date=1126956602;policy_name=Standard]|src=192.168.111.175|s_port=38832|dst=192.168.118.165|service=18184|proto=tcp|rule=1|elapsed=0:00:01|packets=88|bytes=75336|start_time=17Sep2005 20:25:00|segment_time=17Sep2005 20:25:00|client_inbound_packets=35|client_outbound_packets=53|client_inbound_bytes=3595|client_outbound_bytes=71741|client_inbound_interface=E10005|client_outbound_interface=E10005|server_inbound_packets=0|server_outbound_packets=0|server_inbound_bytes=0|server_outbound_bytes=0

Sometimes I get the bytes value but not the src, dst and service values. Can anyone clarify what I am missing here?

I use fw1-loggrabber version 1.11.1 and Check Point NG.

regards,
Sarvan

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
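The comparison described in the post (matching the online and showlogs records on loc and seeing which fields differ) can be scripted; the following is an added example, not part of the original message or of fw1-loggrabber. The sample records are constructed, shortened versions of the two quoted lines, and the function names and the set of "required" accounting fields are assumptions.

```python
# Constructed sample records, shortened from the two lines quoted in the post.
ONLINE = ("loc=4431|time=2005-09-17 20:25:01|action=accept|has_accounting=1|"
          "__policy_id_tag=product=VPN-1 & FireWall-1[db_tag={X};mgmt=winner-w2k1]|"
          "src=192.168.111.175|dst=192.168.118.165|service=18184|proto=tcp|rule=1")
SHOWLOGS = ONLINE + "|elapsed=0:00:01|packets=88|bytes=75336|client_inbound_bytes=3595"

def parse_record(line):
    """Split a pipe-delimited record into a dict, cutting each field at its
    first '=' so nested values like __policy_id_tag=product=... stay intact."""
    fields = {}
    for part in line.strip().strip("*").strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value
    return fields

def index_by_loc(lines):
    """Map loc -> parsed record; lines without a loc field are skipped."""
    records = (parse_record(line) for line in lines)
    return {rec["loc"]: rec for rec in records if "loc" in rec}

def missing_fields(online_lines, showlogs_lines):
    """For each loc seen in both outputs, list fields only showlogs has."""
    online = index_by_loc(online_lines)
    report = {}
    for loc, full in index_by_loc(showlogs_lines).items():
        if loc in online:
            gap = sorted(set(full) - set(online[loc]))
            if gap:
                report[loc] = gap
    return report

def incomplete_accounting(lines, required=("bytes", "packets", "elapsed")):
    """Flag records marked has_accounting=1 that lack the counters.
    The 'required' tuple is an assumption made for this example."""
    flagged = []
    for rec in map(parse_record, lines):
        if rec.get("has_accounting") == "1":
            gap = sorted(f for f in required if f not in rec)
            if gap:
                flagged.append((rec.get("loc"), gap))
    return flagged

if __name__ == "__main__":
    print(missing_fields([ONLINE], [SHOWLOGS]))
    print(incomplete_accounting([ONLINE, SHOWLOGS]))
```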