List,
I tried to modify the SonicWall rules to parse the new ZyWALL log
files, but without success. Perhaps one of you can help. Here is a sample:
Sep 27 17:58:52 192.168.0.1 cloudWall src="192.168.0.144: 1037"
dst="64.124.170.92:80" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=11 send=5605
rcvd=237299 dir="LAN:WAN" protoID=6 proto="http" trans="Normal"
Sep 27 17:58:54 192.168.0.1 cloudWall src="192.168.0.137: 65429"
dst="64.124.170.92:80" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=1 send=1160 rcvd=4866
dir="LAN:WAN" protoID=6 proto="http" trans="Normal"
Sep 27 17:58:56 192.168.0.1 cloudWall src="123.123.255.255"
dst="216.254.30.1" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=0 send=60 rcvd=60
dir="DEV: WAN" protoID=1 proto="icmp" trans="Normal"
Sep 27 17:58:57 192.168.0.1 cloudWall src="69.219.203.134: 14023"
dst="123.123.255.255:1026" msg="Firewall default policy: UDP (W to W/
ZW)" note="ACCESS DROPPED" devID="001349303557" cat="Access Control"
Sep 27 17:59:00 192.168.0.1 cloudWall src="192.168.0.137: 65431"
dst="64.124.170.92:80" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=1 send=987 rcvd=777
dir="LAN:WAN" protoID=6 proto="http" trans="Normal"
Sep 27 17:59:01 192.168.0.1 cloudWall src="123.123.255.255"
dst="216.254.30.1" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=0 send=60 rcvd=60
dir="DEV: WAN" protoID=1 proto="icmp" trans="Normal"
Sep 27 17:59:04 192.168.0.1 cloudWall src="192.168.0.137: 65328"
dst="64.246.167.158:993" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=61 send=2994
rcvd=5669 dir="LAN:WAN" protoID=6 proto="others" trans="Normal"
Sep 27 17:59:06 192.168.0.1 cloudWall src="192.168.0.137: 65434"
dst="64.124.170.92:80" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=2 send=1267 rcvd=4438
dir="LAN:WAN" protoID=6 proto="http" trans="Normal"
Sep 27 17:59:06 192.168.0.1 cloudWall src="123.123.255.255"
dst="216.254.30.1" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=0 send=60 rcvd=60
dir="DEV: WAN" protoID=1 proto="icmp" trans="Normal"
Sep 27 17:59:08 192.168.0.1 cloudWall src="192.168.0.137: 54045"
dst="140.123.232.23:3192" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=301 send=58 rcvd=46
dir="LAN:WAN" protoID=17 proto="others" trans="Normal"
Sep 27 17:59:09 192.168.0.1 cloudWall src="192.168.0.137: 65436"
dst="64.124.170.92:80" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=2 send=1191
rcvd=13671 dir="LAN:WAN" protoID=6 proto="http" trans="Normal"
Sep 27 17:59:10 192.168.0.1 cloudWall src="192.168.0.127: 62188"
dst="216.193.252.79:110" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=1 send=535 rcvd=821
dir="LAN:WAN" protoID=6 proto="pop3" trans="Normal"
Sep 27 17:59:10 192.168.0.1 cloudWall src="192.168.0.127: 62189"
dst="216.193.252.79:110" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=1 send=495 rcvd=823
dir="LAN:WAN" protoID=6 proto="pop3" trans="Normal"
Sep 27 17:59:11 192.168.0.1 cloudWall src="123.123.255.255"
dst="216.254.30.1" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=0 send=60 rcvd=60
dir="DEV: WAN" protoID=1 proto="icmp" trans="Normal"
Sep 27 17:59:12 192.168.0.1 cloudWall src="192.168.0.137: 65437"
dst="64.124.170.92:80" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=4 send=1028 rcvd=2737
dir="LAN:WAN" protoID=6 proto="http" trans="Normal"
Sep 27 17:59:13 192.168.0.1 cloudWall src="192.168.0.137: 65439"
dst="64.124.170.92:80" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=1 send=983 rcvd=2689
dir="LAN:WAN" protoID=6 proto="http" trans="Normal"
Sep 27 17:59:13 192.168.0.1 cloudWall src="192.168.0.137: 65438"
dst="64.124.170.92:80" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=1 send=910 rcvd=635
dir="LAN:WAN" protoID=6 proto="http" trans="Normal"
Sep 27 17:59:15 192.168.0.1 cloudWall src="192.168.0.137: 65441"
dst="64.124.170.92:80" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=1 send=910 rcvd=635
dir="LAN:WAN" protoID=6 proto="http" trans="Normal"
Sep 27 17:59:15 192.168.0.1 cloudWall src="192.168.0.137: 65443"
dst="64.124.170.92:80" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=1 send=1024 rcvd=2782
dir="LAN:WAN" protoID=6 proto="http" trans="Normal"
Sep 27 17:59:16 192.168.0.1 cloudWall src="192.168.0.137: 65444"
dst="64.124.170.92:80" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=1 send=971 rcvd=2668
dir="LAN:WAN" protoID=6 proto="http" trans="Normal"
Sep 27 17:59:16 192.168.0.1 cloudWall src="192.168.0.15: 49152"
dst="216.239.34.10:53" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=302 send=71 rcvd=251
dir="LAN:WAN" protoID=17 proto="domain" trans="Normal"
Sep 27 17:59:16 192.168.0.1 cloudWall src="192.168.0.15: 49152"
dst="66.102.11.9:53" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=301 send=73 rcvd=110
dir="LAN:WAN" protoID=17 proto="domain" trans="Normal"
Sep 27 17:59:16 192.168.0.1 cloudWall src="123.123.255.255"
dst="216.254.30.1" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=0 send=60 rcvd=60
dir="DEV: WAN" protoID=1 proto="icmp" trans="Normal"
Sep 27 17:59:21 192.168.0.1 cloudWall src="123.123.255.255"
dst="216.254.30.1" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=0 send=60 rcvd=60
dir="DEV: WAN" protoID=1 proto="icmp" trans="Normal"
Sep 27 17:59:26 192.168.0.1 cloudWall src="123.123.255.255"
dst="216.254.30.1" msg="Traffic Log" note="Traffic Log"
devID="001349303557" cat="Traffic Log" duration=0 send=60 rcvd=60
dir="DEV: WAN" protoID=1 proto="icmp" trans="Normal"
Received on Wed Sep 28 10:47:02 2005