Firewall-1

Re: [FW-1] NetForensics and Checkpoint syslog

Subject: Re: [FW-1] NetForensics and Checkpoint syslog
From: "R.L. Nevot" <r.nevot AT GMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Sun, 15 Apr 2007 14:01:36 +0200
I have been using fw1-loggrabber since Jan-05 with no problems.
You can connect this piece of software as a LEA agent, and then get logs in
clear text, sent to the syslog.

Best regards

On 4/13/07, Erik Gielow <epgielow AT gmail DOT com> wrote:

The logs generated by the Checkpoint are "data", not ASCII
like an ordinary log. I think this is the problem.

E.g., the output of the file command on splat:

file 2007-02-22_163940_2.log
2007-02-22_163940_2.log: data


Regards,

Erik Gielow.

On 4/13/07, Torkel Mathisen <torkel.mathisen AT bbs DOT no> wrote:
>
> Hi,
>
> Anyone here using NetForensics for collecting Checkpoint logs?
>
> I got a problem with the Checkpoint syslog messages. Apparently they are
> slightly different than ordinary log messages and we get "unable to
> parse".
>
> We use the Checkpoint syslog daemon so that we get syslogs from the
> routers included in the SmartView Tracker. However those messages won't
> parse in NetForensics.
>
> So if anyone tried this and got it to work I would appreciate any help.
>
> Regards,
> Torkel
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>



--
------------------------------------
Erik Gielow
SysAdmin - C.E.S.A.R.
------------------------------------

