[logs] Re: fw1-lograbber receives incomplete account logs

• Previous message: saravanakumar: "[logs] fw1-lograbber receives incomplete account logs"
• In reply to: saravanakumar: "[logs] fw1-lograbber receives incomplete account logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

FireWall-1 tracks session stats and periodically updates them.  Note the 
"segment time" value in the offline log.  Also note the additional 
values you receive in the offline log.  You can't find out the total 
values until the session is over.

The online log reports the start of the session.  The offline log 
reports the total session statistics.

-Jim

saravanakumar wrote:

> Dear All,
>  
> It seems fw1-lograbber receives incomplete account logs from NG.  
>  
> When I enabled the online mode I  got the following message where 
> there is no bytes/src/dst etc.....
>  
> *loc=4431|time=2005-09-17 
> 20:25:01|action=accept|orig=169.254.140.18|i/f_dir=inbound|i/f_name=E100 
>  05|has_accounting=1|uuid=<432c2e44,00000000,128cfea9,000007b6>|product=V 
>  PN-1 & FireWall-1|__policy_id_tag=product=VPN-1 & 
> FireWall-1[db_tag={DE3886FA-2DB5-40D3-951B-8D0CF9E50A05};mgmt=winner-w2k1;date=1126956602;policy_name=Standard]|src=192.168.111.175|s_port=38832|dst=192.168.118.165|service=18184|proto=tcp|rule=1* 
>
>  
> When I dont use the online mode and using showlogs option I got the 
> same message with additional parameters. Check the loc value (4431) to 
> verify.
>  
> * loc=4431|time=2005-09-17 
> 20:25:01|action=accept|orig=169.254.140.18|i/f_dir=inbound|i/f_name=E100 
>  05|has_accounting=1|uuid=<432c2e44,00000000,128cfea9,000007b6>|product=V 
>  PN-1 & FireWall-1|__policy_id_tag=product=VPN-1 & 
> FireWall-1[db_tag={DE3886FA-2DB5-40D3-951B-8D0CF9E50A05};mgmt=winner-w2k1;date=1126956602;policy_name=Standard]|src=192.168.111.175|s_port=38832|dst=192.168.118.165|service=18184|proto=tcp|rule=1|elapsed=0:00:01|packets=88|bytes=75336|start_time=17Sep2005 
> 20:25:00|segment_time=17Sep2005 
> 20:25:00|client_inbound_packets=35|client_outbound_packets=53|client_inb 
>  ound_bytes=3595|client_outbound_bytes=71741|client_inbound_interface=E10 
>  005|client_outbound_interface=E10005|server_inbound_packets=0|server_out 
>  bound_packets=0|server_inbound_bytes=0|server_outbound_bytes=0 *
>  
> Some times I get bytes value not src,dst and service values.
> Can anyone clarify what I am missing here? I use fw-1 loggrabber 
> version 1.11.1  and check point NG
>  
> regards,
> Sarvan
>
>------------------------------------------------------------------------
>
>_______________________________________________
>LogAnalysis mailing list
>LogAnalysis@private
>http://lists.shmoo.com/mailman/listinfo/loganalysis
>  
>

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Previous message: saravanakumar: "[logs] fw1-lograbber receives incomplete account logs"
• In reply to: saravanakumar: "[logs] fw1-lograbber receives incomplete account logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Sep 19 2005 - 19:40:07 PDT