yongjun_jin
Participant

fw log Format(accept, drop, reject)

Hello.

I am trying to find the fw log format in order to parse it.

I got the logs, but I don't know the meaning of each field.

Also, the accept log and the drop log are different (in their fields).

[Expert@gw-18ee86:0]# fw log -n -p -c accept
Date: Jan 16, 2019
8:07:08 5 N/A 1 accept 172.31.6.61 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; HighLevelLogKey: 18446744073709551615; rule_guid: {4A3B1474-A403-4742-893D-E501A5C5C5B0}; hit: 3; policy: fw1; first_hit_time: 1547593568; last_hit_time: 1547593621; log_id: 10; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;

[Expert@gw-18ee86:0]# fw log -n -p -c drop
Date: Jan 16, 2019
8:06:10 5 N/A 1 drop 172.31.6.61 > eth0 LogId: 1; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; HighLevelLogKey: 18446744073709551615; TCP packet out of state: Server to client packet of an old TCP connection; tcp_flags: RST; src: 172.31.6.61; dst: 182.50.136.237; proto: tcp; ProductName: VPN-1 & FireWall-1; svc: 80; sport_svc: 44036; ProductFamily: Network;

Does anyone have a log format document?

Thank you.

2 Replies
Maarten_Sjouw
Champion

The first line is not an actual log line but an update for the hitcounter.

Regards, Maarten
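A parser for the two lines quoted in the question, added here as an example (it is not from the original post and not Check Point's own code): it carries the `Date:` line as context, splits the positional header from the `Key: value;` pairs, and flags the hit-counter line that Maarten describes. The header column names, the `<max_null>` handling and the hit-count heuristic are assumptions drawn only from these two samples.

```python
import re

# Sample taken from the post above: the "Date:" line fw log prints, then the
# accept (hit-counter) line and the drop line, verbatim.
SAMPLE = """Date: Jan 16, 2019
8:07:08 5 N/A 1 accept 172.31.6.61 > N/A LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; HighLevelLogKey: 18446744073709551615; rule_guid: {4A3B1474-A403-4742-893D-E501A5C5C5B0}; hit: 3; policy: fw1; first_hit_time: 1547593568; last_hit_time: 1547593621; log_id: 10; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
8:06:10 5 N/A 1 drop 172.31.6.61 > eth0 LogId: 1; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; OriginSicName: cn=cp_mgmt,o=gw-18ee86..hu5ufg; HighLevelLogKey: 18446744073709551615; TCP packet out of state: Server to client packet of an old TCP connection; tcp_flags: RST; src: 172.31.6.61; dst: 182.50.136.237; proto: tcp; ProductName: VPN-1 & FireWall-1; svc: 80; sport_svc: 44036; ProductFamily: Network;
"""

# Positional header: time, three columns whose meaning the post does not give,
# action, origin address, direction marker (assumed '<' in / '>' out),
# interface, then "Key: value;" pairs. The column names are assumptions.
HEADER = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) ([<>]) (\S+) (.*)$")


def parse_pairs(text):
    """Split 'Key: value;' pairs on ';' then on the first ': '. Keys may contain
    spaces ('TCP packet out of state'); '<max_null>' is read as "no value"
    (assumption); a repeated key such as OriginSicName keeps its last value."""
    fields = {}
    for chunk in filter(None, (c.strip() for c in text.split(";"))):
        key, sep, value = chunk.partition(": ")
        if not sep:  # keep anything that did not split instead of dropping it
            fields.setdefault("_unparsed", []).append(chunk)
        else:
            fields[key] = None if value == "<max_null>" else value
    return fields


def record_kind(fields):
    """Heuristic from the two samples: hit counters without src/dst mean a rule
    hit-count update (as Maarten points out), not a traffic log."""
    return "hit_count_update" if "hit" in fields and "src" not in fields else "traffic"


def parse_fw_log(text):
    """Parse fw log text output; a 'Date:' line applies to the lines after it."""
    records, date = [], None
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        if line.startswith("Date: "):
            date = line[len("Date: "):]
            continue
        m = HEADER.match(line)
        if not m:
            records.append({"kind": "unparsed", "raw": line})
            continue
        time, c1, c2, c3, action, origin, direction, iface, pairs = m.groups()
        fields = parse_pairs(pairs)
        records.append({"date": date, "time": time, "action": action, "origin": origin,
                        "direction": direction, "interface": None if iface == "N/A" else iface,
                        "columns": (c1, c2, c3), "fields": fields, "kind": record_kind(fields)})
    return records
```

Anything that does not split cleanly lands under `_unparsed` (or as an `unparsed` record) rather than being dropped, so new field layouts show up instead of disappearing silently.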
PhoneBoy
Admin

I am curious why you are trying to use fw log to consume logs.

If you're trying to get the logs to a different system to view them, maybe you should use the Log Exporter guide instead?
