[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] FW-1 Logging Inconsistencies
After rotating the fw-1 log I convert it to ascii and not a CSL. However if you look at the format of the log entries most are in the form key / data pairs. Just what hashes are for. What I do is throw away what I don't want in the log entry, make sure that everything else is in key / data pairs (this is very easy with perl). For example I change qfe0 to 'interface qfe0'. Once the log entry has been massaged in this way you can use a little perl magic: %Record = split; # Assuming massaged record in $_ fw-1 log records are bound to be different as icmp has no src / dst port asscociated with it. By using a hash you extract everything you need. You can then print out what you need as a CSL from whats in the hash. For example for icmp you could output icmp-type and icmp-code instead of the ports used for tcp/udp. Assuming your spreadsheet has a column for protocol you would see icmp and know that entries were not ports but the icmp type and code. ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|