Re: [FW-1] NetForensics and Checkpoint syslog

Subject:	Re: [FW-1] NetForensics and Checkpoint syslog
From:	Erik Gielow <epgielow AT GMAIL DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Fri, 13 Apr 2007 11:43:05 -0300

The logs generated by the checkpoint are "data"  not ascii
like a ordinary log.  I think this is the problem.

eg:  the output of file command of splat.

file 2007-02-22_163940_2.log
2007-02-22_163940_2.log: data


Regards,

Erik Gielow.

On 4/13/07, Torkel Mathisen <torkel.mathisen AT bbs DOT no> wrote:


Hi,

Anyone here using NetForensics for collecting Checkpoint logs?

I got a problem with the Checkpoint syslog messages. Apparently they are
slightly different than ordinary log messages and we get "unable to
parse".

We use the Checkpoint syslog daemon so that we get syslogs from the
routers included in the SmartView Tracker. However those messages won't
parse in NetForensics.

So if anyone tried this and got it to work I would appreciate any help.

Regards,
Torkel

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================




--
------------------------------------
Erik Gielow
SysAdmin - C.E.S.A.R.
------------------------------------

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] NetForensics and Checkpoint syslog, Torkel Mathisen Re: [FW-1] NetForensics and Checkpoint syslog, Erik Gielow <= Re: [FW-1] NetForensics and Checkpoint syslog, R.L. Nevot

Previous by Date:	Re: [FW-1] NGX R60 on IPSO Platform - Site-to-Site VPN, cisco4ng
Next by Date:	[FW-1] Splat dual core vs quad core choice., Eric Appelboom
Previous by Thread:	[FW-1] NetForensics and Checkpoint syslog, Torkel Mathisen
Next by Thread:	Re: [FW-1] NetForensics and Checkpoint syslog, R.L. Nevot
Indexes:	[Date] [Thread] [Top] [All Lists]