
Subject: Re: [FW-1] Firewall Log format
From: Christian ALT <calt AT TLA DOT CH>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 28 Sep 2006 16:49:35 +0200
Hello,

From the preceding post I can also confirm that the log format changes and
that the first line contains the names of the columns. It is also relevant to
know that when you write a script, from version to version new fields will
be added.

For my own development work on a firewall log analyzer, I have written a
module that normalizes the log fields. It is written in Java. Whenever this
module finds an unknown field it will notify the user.

For each new release the module has signaled new fields. To get an overview
of the function:

http://www.tla.ch/flaIindex.htm

Bye for now,

Christian ALT

Telecom and Logistics Associates
Network Security Company
ISO 27001 Lead Auditor
http://www.tla.ch

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Jørn Dahl-Stamnes
Sent: Thursday, 28 September 2006 09:49
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Firewall Log format

On Thursday 28 September 2006 09:32, Russell Aspinwall wrote:
> Hi,
>
> For the last 5 years logs have been archived from the Firewall.
> Yesterday, the logs were analysed: the first line of each CSV was read
> and the file was analysed to find the maximum size of each field.
> According to the results of 10,000 csv logs, there were 9571 record
> formats. Has Checkpoint ever published details of csv output format?

This is just a guess, but since I have been working with scripts that
analyze the log files in CSV format since version 4.1, I have also noticed
that the order of the different columns in each record may change from time
to time.

I think this happens due to the order of the records and what is being
logged. If the first record only requires fields A, B and C, then the first
three columns in the CSV file will be these fields. If the second record also
requires field D, then the 4th column will be field D, and so on...

As I say... this is only a guess.

But since the names of the columns are in the first line, my scripts look at
it and use it to determine which column contains what...

-- 
Jørn Dahl-Stamnes

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
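Both posts above make the same practical point: map columns by the names in the first line, never by position, and treat a header name you have not seen before as a signal rather than silently dropping it. The script below is an added example written for this archive page; it is not Christian's Java module or anything published by Check Point. The field names, the `;` delimiter and both sample exports are constructed for the example, and the analyzer's list of "known" fields is a hypothetical one. The two exports describe the same events with the columns in a different order, the second carries a field the analyzer has never seen, and one of its rows has fewer cells than the header (the kind of per-record format variation Russell counted).

```python
import csv
import io

# Field names the (hypothetical) analyzer already understands. The names are
# modelled on a Check Point log export, but this set is constructed for the example.
KNOWN_FIELDS = {
    "num", "date", "time", "orig", "type", "action", "i/f_name", "i/f_dir",
    "src", "dst", "proto", "service", "s_port", "rule",
}


def parse_export(text, delimiter=";"):
    """Read one export. The first line names the columns, so every later row is
    mapped by column *name*, never by position. Returns (header, records, bad_rows),
    where bad_rows counts rows whose cell count disagrees with the header."""
    reader = csv.reader(io.StringIO(text), delimiter=delimiter)
    header = [h.strip() for h in next(reader)]
    records, bad_rows = [], 0
    for row in reader:
        if not any(cell.strip() for cell in row):
            continue                       # skip blank lines
        if len(row) != len(header):
            bad_rows += 1                  # record format differs from the header
        rec = {name: (row[i].strip() if i < len(row) else "")
               for i, name in enumerate(header)}
        records.append(rec)
    return header, records, bad_rows


def normalize(header, records):
    """Emit records with a fixed key set regardless of the export's column order.
    Header names the analyzer does not know (new fields from a later version) are
    reported and kept under "_extra" instead of being dropped."""
    unknown = sorted(set(header) - KNOWN_FIELDS)
    normalized = []
    for rec in records:
        norm = {name: rec.get(name, "") for name in sorted(KNOWN_FIELDS)}
        norm["_extra"] = {name: rec[name] for name in unknown if rec.get(name)}
        normalized.append(norm)
    return normalized, unknown


def analyze(text, delimiter=";"):
    """Parse and normalize one export; the result is what a log analyzer would consume."""
    header, records, bad_rows = parse_export(text, delimiter)
    normalized, unknown = normalize(header, records)
    return {"records": normalized, "unknown_fields": unknown, "bad_rows": bad_rows}


# Constructed sample exports (not real logs). Same events, different column order;
# the second export adds a field the analyzer has never seen, and its last row is short.
EXPORT_V1 = """num;date;time;orig;type;action;src;dst;proto;service;rule
1;28Sep2006;09:32:10;fw-gw;log;accept;10.1.1.5;192.0.2.10;tcp;http;12
2;28Sep2006;09:32:11;fw-gw;log;drop;10.1.1.7;192.0.2.20;udp;domain;30
"""

EXPORT_V2 = """num;date;time;orig;type;action;xlatesrc;dst;src;service;proto;rule
1;28Sep2006;09:32:10;fw-gw;log;accept;198.51.100.9;192.0.2.10;10.1.1.5;http;tcp;12
2;28Sep2006;09:32:11;fw-gw;log;drop;;192.0.2.20;10.1.1.7;domain;udp
"""

if __name__ == "__main__":
    for label, text in (("v1", EXPORT_V1), ("v2", EXPORT_V2)):
        result = analyze(text)
        print(label, "unknown fields:", result["unknown_fields"],
              "rows with wrong column count:", result["bad_rows"])
        for rec in result["records"]:
            print("  ", rec["action"], rec["src"], "->", rec["dst"],
                  rec["service"], rec["_extra"])
```

Running it shows the same `src`/`dst`/`proto` triples for both exports even though the columns moved, reports `xlatesrc` as an unknown field for the second export, and counts the short row once rather than treating it as a new format. Exports with another delimiter can be passed through the `delimiter` argument.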