WatchGuard Log Messages

July 23, 2007, 02:01:03 am #0
naragnu

WatchGuard Log Messages

Hi everybody,

I will build a log analyzer for my WatchGuard log, but I found some trouble understanding the log definition. Here is a sample WatchGuard log:

May  2 00:00:00 kwik 2007-05-02 07:54:47 kwik disp="Deny"   pri="1" policy="internal policy" src_ip="10.0.0.1" dst_ip="10.1.1.98" pr="1026/udp" src_port="53" dst_port="1026" src_intf="2-Optional-1" dst_intf="1-Trusted"  rc="104" msg="IP source spoofing detected, drop packet" pckt_len="70" ttl="64"

Questions:
1. Any link or document related to the WatchGuard standard log format, with example logs?
2. How to convert an IP to a country?

Thanks in advance for your help,
best regards
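The sample line above is a syslog relay header (month, day, time, relay host) followed by the appliance's own timestamp and host name, then a flat run of key="value" pairs whose values may contain spaces and commas. The following parser is an added example and not code from the original post or from WatchGuard; it assumes every line follows that shape and uses a second constructed line (the Allow disposition and its addresses are hypothetical) to show a tally of denied traffic per source address.

```python
import re
from typing import Dict, Iterable, List

# Constructed sample lines. The first mirrors the one quoted in the question;
# the second is hypothetical and only varies the source address and disposition.
SAMPLE_LINES = [
    'May  2 00:00:00 kwik 2007-05-02 07:54:47 kwik disp="Deny"   pri="1" '
    'policy="internal policy" src_ip="10.0.0.1" dst_ip="10.1.1.98" pr="1026/udp" '
    'src_port="53" dst_port="1026" src_intf="2-Optional-1" dst_intf="1-Trusted"  '
    'rc="104" msg="IP source spoofing detected, drop packet" pckt_len="70" ttl="64"',
    'May  2 00:00:01 kwik 2007-05-02 07:54:48 kwik disp="Allow" pri="5" '
    'policy="internal policy" src_ip="10.1.1.20" dst_ip="10.1.1.98" pr="53/udp" '
    'src_port="1027" dst_port="53" src_intf="1-Trusted" dst_intf="2-Optional-1" '
    'rc="100" msg="allowed" pckt_len="64" ttl="64"',
]

# Relay timestamp and host, then the firewall's own timestamp and host name.
_HEADER_RE = re.compile(
    r'^(?P<syslog_ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<relay>\S+) '
    r'(?P<fw_ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<fw_host>\S+)\s+'
)
# key="value" pairs; a value may hold spaces and commas but no double quote,
# so splitting on whitespace would break fields such as policy and msg.
_KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_watchguard_line(line: str) -> Dict[str, str]:
    """Return the header fields plus every key="value" pair as one flat dict."""
    m = _HEADER_RE.match(line)
    if m is None:
        raise ValueError("unrecognised WatchGuard syslog line: %r" % line[:40])
    fields = m.groupdict()
    for key, value in _KV_RE.findall(line[m.end():]):
        fields[key] = value
    return fields


def denied_by_source(lines: Iterable[str]) -> Dict[str, int]:
    """Count lines with disp="Deny" per src_ip, the first step of an analyzer."""
    counts: Dict[str, int] = {}
    for line in lines:
        fields = parse_watchguard_line(line)
        if fields.get("disp") == "Deny" and "src_ip" in fields:
            counts[fields["src_ip"]] = counts.get(fields["src_ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for parsed in map(parse_watchguard_line, SAMPLE_LINES):
        print(parsed["fw_ts"], parsed["disp"], parsed["src_ip"], "->", parsed["msg"])
    print(denied_by_source(SAMPLE_LINES))
```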
July 23, 2007, 09:20:07 am #1
mutex

Re: WatchGuard Log Messages

For #1, I believe WatchGuard, like many others, is fairly secretive about formats. Unlike a lot of others, it looks largely self-explanatory, though.

For #2, there are a bunch of libraries that will let you resolve IPs to country codes. Here is one in Perl: http://search.cpan.org/dist/IP-Country/