-
Oh - yes - these patches are to version 1.11.1.
2009-03-25 18:21:58 UTC by gowen
-
The rule_uid and rule_name fields are new with R60. The rule_uid matches the UID for a rule in (Standard.W, Standard.pf, rulebases_5_0.fws, possibly others).
2009-03-25 18:19:35 UTC by gowen
-
Please pardon me, the amount of work required to figure this out was actually quite small - after I gave in and posted. Quantum uncertainties collapsing, you see.
Small changes to fw1-loggrabber.c and fw1-loggrabber.h are all that is required:
*** fw1-loggrabber-1.11.1/fw1-loggrabber.c 2005-02-21 14:41:34.000000000 -0500
--- updated-fw1-loggrabber-1.11.1/fw1-loggrabber.c...
2009-03-25 18:13:47 UTC by gowen
-
The README says:
'If you want other fields to be supported or simply miss some fields in output, please run loggrabber in debug-mode and look for output line telling "Unsupported field".'
But nowhere does it seem to tell me what to do once I've gotten that information 8).
I need to grab the rule_uid (and rule_name would be nice):
DEBUG: Unsupported field found (Position 9)...
2009-03-25 16:32:02 UTC by gowen
-
A couple of things to note:
1. Your conf file says output to screen. As I understand the application, if output were working right, that's where it would go, not to a file.
2. Looking at your lea.conf file, I believe the last line is missing some characters. Mine has the same suffix for both the opsec_sic_name and lea_server lines. I think this is the root cause of your issues...
Erric.
2009-01-09 19:26:34 UTC by eegilbertbpa
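One way to automate the lea.conf check Erric describes (the O= suffix of opsec_sic_name and of the lea_server opsec_entity_sic_name line must agree, and a truncated last line will break that), as an added example that is not from the original thread or the fw1-loggrabber project; the two config samples are constructed, and the key names are assumed to follow fw1-loggrabber's lea.conf layout:

```python
import re

# Constructed lea.conf samples (not from the original thread). The first has a
# consistent SIC suffix; the second mimics a last line with missing characters.
GOOD_LEA_CONF = """\
lea_server ip 192.0.2.10
lea_server auth_port 18184
lea_server auth_type sslca
opsec_sic_name "CN=loggrabber,O=mgmt.example.com.abc123"
lea_server opsec_entity_sic_name "cn=cp_mgmt,o=mgmt.example.com.abc123"
opsec_sslca_file opsec.p12
"""
BAD_LEA_CONF = """\
lea_server ip 192.0.2.10
lea_server auth_port 18184
lea_server auth_type sslca
opsec_sic_name "CN=loggrabber,O=mgmt.example.com.abc123"
lea_server opsec_entity_sic_name "cn=cp_mgmt,o=mgmt.example.com.ab
"""

def parse_lea_conf(text):
    """Map each setting to its value; 'lea_server <name>' keeps the two-word key."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2) if line.startswith("lea_server ") else line.split(None, 1)
        if len(parts) < 2:
            continue
        key, value = " ".join(parts[:-1]), parts[-1].strip().strip('"')
        conf[key] = value
    return conf

def sic_suffix(dn):
    """Return the O= component of a SIC DN, lower-cased (compared case-insensitively)."""
    m = re.search(r"(?:^|,)\s*o=([^,]+)", dn, re.IGNORECASE)
    return m.group(1).strip().lower() if m else None

def check_sic_names(text):
    """Return a list of problems found; an empty list means the two names agree."""
    conf = parse_lea_conf(text)
    problems = []
    mine = conf.get("opsec_sic_name")
    server = conf.get("lea_server opsec_entity_sic_name")
    for label, dn in (("opsec_sic_name", mine), ("lea_server opsec_entity_sic_name", server)):
        if dn is None:
            problems.append(f"{label} is missing")
        elif sic_suffix(dn) is None:
            problems.append(f"{label} has no O= component: {dn!r}")
    if not problems and sic_suffix(mine) != sic_suffix(server):
        problems.append(f"suffix mismatch: {sic_suffix(mine)!r} vs {sic_suffix(server)!r}")
    return problems
```

Run it against your real lea.conf before chasing SIC errors in debug output; a non-empty result points at the file, not at the OPSEC trust itself.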
-
I'm hoping someone here has gotten this app to work. I've been fighting with it for 2 days with no luck. SIC has been established, and the checkpoint OPSEC object shows that “trust is established”, but when I run the command no logs are pulled into the /var/log/ossim/fw-1.log file, and when I turned on debug I receive a few confusing errors about SIC not being established. Any ideas?
The command...
2008-12-30 19:55:31 UTC by dsmith01
-
Is it possible to have the fw1-loggrabber name output files based on the --logfile option or would this need to be a feature request?
Erric.
2008-11-07 17:45:49 UTC by eegilbertbpa
-
Hello,
The OUTPUT_FILE_ROTATESIZE=NUMBER should also allow an unlimited (depending on disk space and log file size of course) option. Setting 0 as the NUMBER does just what I expected, write a ton of zero or near-zero length files instead of disabling the limit.
Thank you,
Erric.
2008-11-07 17:43:47 UTC by eegilbertbpa
-
When LOGGING_CONFIGURATION is set to file, I would expect the flag --showfiles to write its output into a file instead of stdout.
Currently this is not the case. The output is sent to stdout and a zero length file is written.
This would be most helpful when scripting for running reports.
Thank you,
Erric.
2008-11-07 17:39:52 UTC by eegilbertbpa
-
First, let me thank you for producing a great product.
I implemented it on a Windows box without problems, but when I try to get it going on a Linux box I get the following:
DEBUG: Open connection to screen.
DEBUG: Logfilename : fw.log
DEBUG: Record Separator : |
DEBUG: Resolve Addresses: No
DEBUG: Show Filenames : No
DEBUG: FW1-2000 : No
DEBUG: Online-Mode : Yes...
2007-03-16 14:29:43 UTC by nobody