Hello.
I am trying to find the fw log format in order to parse it.
I got logs, but I don't know the meaning of each field.
Also, the accept log and the drop log are different (fields).
[Expert@gw-18ee86:0]# fw log -n -p -c accept
Date: Jan 16, 2019
8:07:08 5 N/A 1 accept 172.31.6.61 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; HighLevelLogKey: 18446744073709551615; rule_guid: {4A3B1474-A403-4742-893D-E501A5C5C5B0}; hit: 3; policy: fw1; first_hit_time: 1547593568; last_hit_time: 1547593621; log_id: 10; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
[Expert@gw-18ee86:0]# fw log -n -p -c drop
Date: Jan 16, 2019
8:06:10 5 N/A 1 drop 172.31.6.61 > eth0 LogId: 1; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; HighLevelLogKey: 18446744073709551615; TCP packet out of state: Server to client packet of an old TCP connection; tcp_flags: RST; src: 172.31.6.61; dst: 182.50.136.237; proto: tcp; ProductName: VPN-1 & FireWall-1; svc: 80; sport_svc: 44036; ProductFamily: Network;
Does anyone have a log format document?
Thank you.
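An added example, not part of the original post and not Check Point code: a parser for the `fw log` output quoted above, built only from the layout visible in those two entries. The names `action`, `origin` and `interface`, and the reading of `<max_null>` as an empty value, are assumptions; header tokens whose meaning the page does not establish are kept as `unlabelled`.

```python
import re

# Layout inferred from the two entries in the post (an assumption):
#   <time> <tokens...> <action> <origin> > <interface> <key: value; ...>
ENTRY = re.compile(r"^(?P<time>\d{1,2}:\d{2}:\d{2})\s+(?P<head>.*?)\s+>\s+"
                   r"(?P<iface>\S+)\s+(?P<rest>.*)$")

def parse_fields(rest):
    """Split 'key: value; key: value;' into {key: [values]}; keys may repeat."""
    fields = {}
    for part in rest.split(";"):
        key, sep, value = part.strip().partition(": ")
        if not sep:
            continue  # empty tail after the final ';' or a part with no key
        # '<max_null>' is treated as "no value" here (assumption)
        fields.setdefault(key, []).append(None if value == "<max_null>" else value)
    return fields

def parse_fw_log(text):
    """Return one dict per entry; a 'Date:' line applies to the entries after it."""
    records, date = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Date:"):
            date = line[len("Date:"):].strip()
            continue
        m = ENTRY.match(line)
        head = m.group("head").split() if m else []
        if len(head) < 2:
            continue  # shell prompt, blank line, anything unrecognised
        records.append({
            "date": date, "time": m.group("time"),
            "unlabelled": head[:-2],  # meaning not established on this page
            "action": head[-2], "origin": head[-1],  # names are assumptions
            "interface": m.group("iface"),
            "fields": parse_fields(m.group("rest")),
        })
    return records

# Sample input: the output quoted in the post above
SAMPLE = """[Expert@gw-18ee86:0]# fw log -n -p -c accept
Date: Jan 16, 2019
8:07:08 5 N/A 1 accept 172.31.6.61 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; HighLevelLogKey: 18446744073709551615; rule_guid: {4A3B1474-A403-4742-893D-E501A5C5C5B0}; hit: 3; policy: fw1; first_hit_time: 1547593568; last_hit_time: 1547593621; log_id: 10; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
[Expert@gw-18ee86:0]# fw log -n -p -c drop
Date: Jan 16, 2019
8:06:10 5 N/A 1 drop 172.31.6.61 > eth0 LogId: 1; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; HighLevelLogKey: 18446744073709551615; TCP packet out of state: Server to client packet of an old TCP connection; tcp_flags: RST; src: 172.31.6.61; dst: 182.50.136.237; proto: tcp; ProductName: VPN-1 & FireWall-1; svc: 80; sport_svc: 44036; ProductFamily: Network;
"""

if __name__ == "__main__":
    print(*parse_fw_log(SAMPLE), sep="\n")
```

Because the key set differs between the accept and drop entries, downstream code should look fields up by name and tolerate missing keys rather than rely on position.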