
Re: [FW-1] FW-1 Logging Inconsistencies



After rotating the fw-1 log I convert it to ascii and not a CSL.
However if you look at the format of the log entries most are in
the form key / data pairs. Just what hashes are for.

What I do is throw away what I don't want in the log entry, make
sure that everything else is in key / data pairs (this is very
easy with perl). For example I change qfe0 to 'interface qfe0'.
Once the log entry has been massaged in this way you can use a
little perl magic:

        %Record = split; # Assuming massaged record in $_

fw-1 log records are bound to be different as icmp has no src / dst
port associated with it. By using a hash you extract everything you
need. You can then print out what you need as a CSL from what's in
the hash. For example for icmp you could output icmp-type and icmp-code
instead of the ports used for tcp/udp. Assuming your spreadsheet has
a column for protocol you would see icmp and know that entries were
not ports but the icmp type and code.
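
The approach described in the message above, as an added Perl example that is not part of the original post: each record is massaged into key / data pairs, loaded into a hash, and written out as a comma-separated line with the ICMP type and code in the port columns. The sample records, their field names (`proto`, `s_port`, `service`, `icmp-type`, `icmp-code`, `rule`) and the helpers `massage` and `csv_field` are constructed for illustration and are not the actual FW-1 export layout.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample records (assumed layout, not real FW-1 output):
# four positional fields followed by key / data pairs.
my @lines = (
    '10Jan2004 12:00:01 accept qfe0 proto tcp src 10.0.0.5 dst 192.0.2.10 s_port 1025 service 80 rule 4',
    '10Jan2004 12:00:02 drop qfe1 proto icmp src 10.0.0.7 dst 192.0.2.10 icmp-type 8 icmp-code 0 rule 9',
    '10Jan2004 12:00:03 drop qfe1 proto udp src 10.0.0.9 dst 192.0.2.53 s_port 1026 service 53 rule',
);

# Give the bare positional fields a key so every token is part of a pair
# (for example qfe0 becomes 'interface qfe0').
sub massage {
    my ($line) = @_;
    my ($date, $time, $action, $if, @rest) = split ' ', $line;
    return (date => $date, time => $time, action => $action,
            interface => $if, @rest);
}

# Quote one CSV field, doubling embedded quotes; missing values become "".
sub csv_field {
    my ($v) = @_;
    $v = '' unless defined $v;
    $v =~ s/"/""/g;
    return qq("$v");
}

print join(',', qw(date time action interface proto src dst
                   src_port_or_icmp_type dst_port_or_icmp_code rule)), "\n";

for my $line (@lines) {
    my @tokens = massage($line);
    if (@tokens % 2) {
        # A key with no data would shift every later pair in the hash.
        warn "skipping record with unpaired field: $line\n";
        next;
    }
    my %Record = @tokens;
    # icmp has no ports: reuse the two port columns for type and code.
    my @pair = ($Record{proto} // '') eq 'icmp'
        ? @Record{qw(icmp-type icmp-code)}
        : @Record{qw(s_port service)};
    print join(',', map { csv_field($_) }
        (@Record{qw(date time action interface proto src dst)},
         @pair, $Record{rule})), "\n";
}
```

The third sample record is deliberately missing a value, so it is reported on STDERR and skipped instead of being loaded into the hash with misaligned keys.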

   All contents © 2004 Network Presence, LLC. All rights reserved.