fw1-loggrabber-users Mailing List for FW1-Loggrabber
Brought to you by:
tfellhau
From: a bv <vba...@gm...> - 2009-07-09 07:57:40

Hi list,

I have OSSIM and Syslog-NG/PHPSYSLOG-NG servers running, which are collecting and processing some logs from the systems. I also have a Checkpoint NGX R65 firewall which is installed on Windows 2003. While keeping the local logs on the FW, I also want to transfer a copy of them to a SYSLOG-NG/PHPSYSLOG-NG running on Ubuntu, and also to an OSSIM server (perhaps copying to only 1 of the servers will be needed). How can I do this as a best practice with fw1-loggrabber?

Regards

From: Abstract <th...@gm...> - 2008-02-05 21:15:36

Hello,

I just wanted to go ahead and answer my own question, this script does in fact work with NGX R65. Good luck!

On Jan 17, 2008 3:19 PM, Rami Michael <th...@gm...> wrote:
> Hello,
>
> I got interested in this script to make life a little easier when trying
> to access checkpoint logs. I see people have gotten it to work with NGX
> R62 but I don't see any mention of R65 compatibility anywhere. I think
> it *should* be compatible as all of the following seem to be true.
>
> #1. It was compiled against the latest opsec SDK
> #2. There is nothing stating that it should not work.
>
> When I run the script, I get this same output every time. I am running
> it with no authorization. I checked the script code and see that the
> "COMM_IS_DEAD" seems to be the case. However, the port is up and open
> and I followed the directions when it came to setting up the lea server
> and all that stuff. Does anybody have any ideas or am I simply beating
> a dead horse here?
>
> Thanks,
>
> Rami
>
> DEBUG: function open_screen
> DEBUG: Open connection to screen.
> DEBUG: Logfilename : fw.log
> DEBUG: Record Separator : |
> DEBUG: Resolve Addresses: No
> DEBUG: Show Filenames : No
> DEBUG: FW1-2000 : No
> DEBUG: Online-Mode : Yes
> DEBUG: Audit-Log : No
> DEBUG: Show Fieldnames : Yes
> DEBUG: function stringlist_search
> DEBUG: Processing Logfile: fw.log
> DEBUG: function read_fw1_logfile
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_create: version 5301.
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_add_name_to_group:
> finished successfully.
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_set_local_names: ()
> names. finished successfully.
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_create: finished
> successfully.
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_add_name_to_group:
> finished successfully.
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_set_local_names:
> (local_sic_name) names. finished successfully.
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_add_name_to_group:
> finished successfully.
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_set_local_names:
> (127.0.0.1) names. finished successfully.
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] sslcaInitC:no sicname
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] sslcaInitC:no sicname
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] sslcaInitC:no sicname
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] sslcaInitC:no sicname
> DEBUG: OPSEC LEA conf file is
> /opt/vigilance/lea/fw1-loggrabber-1.11.1-linux/lea.conf
> DEBUG: Clear text mode has been used.
> DEBUG: Server-IP : 192.168.1.101
> DEBUG: Server-Port : 18184
> DEBUG: function read_fw1_logfile_start
> DEBUG: OPSEC session start handler was invoked
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] fwasync_conn_params:
> <c0a80e1e,51304> -> <c05443a9,18184>
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] fwasync_connbuf_realloc:
> reallocating 0 from 0 to 1036
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] fwasync_connbuf_realloc:
> reallocating 0 from 0 to 1036
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] fwasync_mux_in: 9: read:
> Connection reset by peer
> DEBUG: function read_fw1_logfile_end
> DEBUG: OPSEC_SESSION_END_HANDLER called
> ERROR: No communication.
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] T_event_mainloop_e:
> T_event_mainloop_iter returns 0
> DEBUG: function cleanup_fw1_environment
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_destroy: finished
> successfully.
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] fwd_env_destroy: env 0x82bc8f8
> (alloced = 1)
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] T_env_destroy: env 0x82bc8f8
> [ 5130 1122272]@wx000013[17 Jan 14:07:43] do_fwd_env_destroy: really
> destroy 0x82bc8f8
> DEBUG: function close_screen
> DEBUG: Close connection to screen.
> DEBUG: function exit_loggrabber
> DEBUG: function free_lfield_arrays
> DEBUG: function free_afield_arrays
> DEBUG: function free_lfield_arrays
> DEBUG: function free_afield_arrays

From: Rami M. <th...@gm...> - 2008-01-17 14:19:45

Hello,

I got interested in this script to make life a little easier when trying to access checkpoint logs. I see people have gotten it to work with NGX R62 but I don't see any mention of R65 compatibility anywhere. I think it *should* be compatible as all of the following seem to be true.

#1. It was compiled against the latest opsec SDK
#2. There is nothing stating that it should not work.

When I run the script, I get this same output every time. I am running it with no authorization. I checked the script code and see that the "COMM_IS_DEAD" seems to be the case. However, the port is up and open and I followed the directions when it came to setting up the lea server and all that stuff. Does anybody have any ideas or am I simply beating a dead horse here?

Thanks,

Rami

DEBUG: function open_screen
DEBUG: Open connection to screen.
DEBUG: Logfilename : fw.log
DEBUG: Record Separator : |
DEBUG: Resolve Addresses: No
DEBUG: Show Filenames : No
DEBUG: FW1-2000 : No
DEBUG: Online-Mode : Yes
DEBUG: Audit-Log : No
DEBUG: Show Fieldnames : Yes
DEBUG: function stringlist_search
DEBUG: Processing Logfile: fw.log
DEBUG: function read_fw1_logfile
[ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_create: version 5301.
[ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_add_name_to_group: finished successfully.
[ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_set_local_names: () names. finished successfully.
[ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_create: finished successfully.
[ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_add_name_to_group: finished successfully.
[ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_set_local_names: (local_sic_name) names. finished successfully.
[ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_add_name_to_group: finished successfully.
[ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_set_local_names: (127.0.0.1) names. finished successfully.
[ 5130 1122272]@wx000013[17 Jan 14:07:43] sslcaInitC:no sicname
[ 5130 1122272]@wx000013[17 Jan 14:07:43] sslcaInitC:no sicname
[ 5130 1122272]@wx000013[17 Jan 14:07:43] sslcaInitC:no sicname
[ 5130 1122272]@wx000013[17 Jan 14:07:43] sslcaInitC:no sicname
DEBUG: OPSEC LEA conf file is /opt/vigilance/lea/fw1-loggrabber-1.11.1-linux/lea.conf
DEBUG: Clear text mode has been used.
DEBUG: Server-IP : 192.168.1.101
DEBUG: Server-Port : 18184
DEBUG: function read_fw1_logfile_start
DEBUG: OPSEC session start handler was invoked
[ 5130 1122272]@wx000013[17 Jan 14:07:43] fwasync_conn_params: <c0a80e1e,51304> -> <c05443a9,18184>
[ 5130 1122272]@wx000013[17 Jan 14:07:43] fwasync_connbuf_realloc: reallocating 0 from 0 to 1036
[ 5130 1122272]@wx000013[17 Jan 14:07:43] fwasync_connbuf_realloc: reallocating 0 from 0 to 1036
[ 5130 1122272]@wx000013[17 Jan 14:07:43] fwasync_mux_in: 9: read: Connection reset by peer
DEBUG: function read_fw1_logfile_end
DEBUG: OPSEC_SESSION_END_HANDLER called
ERROR: No communication.
[ 5130 1122272]@wx000013[17 Jan 14:07:43] T_event_mainloop_e: T_event_mainloop_iter returns 0
DEBUG: function cleanup_fw1_environment
[ 5130 1122272]@wx000013[17 Jan 14:07:43] PM_policy_destroy: finished successfully.
[ 5130 1122272]@wx000013[17 Jan 14:07:43] fwd_env_destroy: env 0x82bc8f8 (alloced = 1)
[ 5130 1122272]@wx000013[17 Jan 14:07:43] T_env_destroy: env 0x82bc8f8
[ 5130 1122272]@wx000013[17 Jan 14:07:43] do_fwd_env_destroy: really destroy 0x82bc8f8
DEBUG: function close_screen
DEBUG: Close connection to screen.
DEBUG: function exit_loggrabber
DEBUG: function free_lfield_arrays
DEBUG: function free_afield_arrays
DEBUG: function free_lfield_arrays
DEBUG: function free_afield_arrays

From: Joost De C. <joo...@as...> - 2005-01-05 08:55:45

On Wednesday 05 January 2005 09:44, Joost De Cock hurled the following on the wire:
> Hello list,
>
> let me start by thanking the developers for making fw1-loggrabber
> available. I've just installed it on a test system and I'm already very
> fond of it. I am very interested by the following remark in the man page
> (yes, I've read it ;) :
>
> "The idea for fw1-loggrabber was born due to the need of analyzing
> Checkpoint FW-1 log data using LIRE (http://www.logreport.org)."
>
> However, there's no support in LIRE for checkpoint logs, and I'm a bit in
> the dark on how to generate reports from the logfiles.
> Is there a dlf_converter for checkpoint logs?

Oh boy, seems like there IS an fw1_lea2dlf, it's just not activated by default.
I'll shut up now.

joost

DISCLAIMER
This e-mail and any attached files are confidential and may be legally privileged. If you are not the addressee, any disclosure, reproduction, copying, distribution, or other dissemination or use of this communication is strictly prohibited. If you have received this transmission in error please notify A.S.T.R.I.D. nv/sa immediately and then delete this e-mail.

From: Joost De C. <joo...@as...> - 2005-01-05 08:46:21

Hello list,

let me start by thanking the developers for making fw1-loggrabber available. I've just installed it on a test system and I'm already very fond of it. I am very interested by the following remark in the man page (yes, I've read it ;) :

"The idea for fw1-loggrabber was born due to the need of analyzing Checkpoint FW-1 log data using LIRE (http://www.logreport.org)."

However, there's no support in LIRE for checkpoint logs, and I'm a bit in the dark on how to generate reports from the logfiles. Is there a dlf_converter for checkpoint logs? I'd be very grateful if someone could provide me with some pointers.

Kind regards,

joost

PS: In the man page, right after the quote from above, it goes "Meanwhile their are...", I think that should be "Meanwhile there are ...". I've logged this as a bug on sourceforge, not sure if those are monitored.

PS2: Torsten, I've sent this same message to you since I somehow failed to notice that there was a mailinglist. My apologies.