
Firewall log format

Question asked by Burak Ozgen on Oct 1, 2017
Latest reply on Oct 3, 2017 by Dameon Welch Abernathy

Hi, I know it will be a little deep, but why are syslog logs separated with "\" while LEA logs are separated with ";"? Is there an option to change the log format? Log samples:

 

LEA,

"loc=2302|filename=fw.log|fileid=1506445139|time=26Sep2017 20:18:31|action=accept|orig=10.10.10.254|orig_name=firewall|i/f_dir=inbound|has_accounting=0|product=FG|src=10.10.10.131|s_port=50039|dst=195.244.32.152|service=80|service_name=http|proto=tcp|__policy_id_tag=product=VPN-1 & FireWall-1[db_tag={6CACC116-CA9B-0C40-8058-68405ABF999A};mgmt=firewall;date=1503862935;policy_name=defaultfilter]|origin_sic_name=cn=cp_mgmt,o=firewall.sdfdsfasd.itv9jz","id":"44eb1002a34f11e797330050568269ea","time":1506516252,"hash":"5374aa13"}

 

Syslog,

Sep 28 22:56:48+03:00 192.168.105.1 Action=\"update\" UUid=\"{0x34cd2400,0x0,0x151a8c0,0x817}\" client_name=\"Active Directory Query\" client_version=\"R77\" domain_name=\"dblakdsba\" src=\"10.10.9.11\" endpoint_ip=\"10.10.9.11\" auth_status=\"Successful Login\" identity_src=\"AD Query\" snid=\"53eb3bc8\" src_machine_name=\"lkshdbaksdba\" src_machine_group=\"All Machines\" auth_method=\"Machine Authentication (Active Directory)\" identity_type=\"machine\" Authentication trial=\"this is a reauthentication for session 53eb3bc8\" product=\"Identity Awareness\

 

Waiting for your help, thank you.
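
In the two samples above, the LEA record is key=value pairs joined by "|" (with a ";"-separated list nested inside __policy_id_tag), while the syslog line is a timestamp and host followed by space-separated key=\"value\" pairs. The Python below is an added example, not part of the original post or any Check Point code, that parses shortened, constructed copies of both samples into one dictionary shape for log ingestion; the function names and the syslog_time, syslog_host and policy keys are assumptions.

```python
import re

# Constructed samples: shortened copies of the two log lines quoted in the post.
LEA_SAMPLE = ("loc=2302|time=26Sep2017 20:18:31|action=accept|src=10.10.10.131|"
              "dst=195.244.32.152|service=80|proto=tcp|"
              "__policy_id_tag=product=VPN-1 & FireWall-1"
              "[db_tag={6CACC116-CA9B-0C40-8058-68405ABF999A};"
              "mgmt=firewall;date=1503862935;policy_name=defaultfilter]")
SYSLOG_SAMPLE = ('Sep 28 22:56:48+03:00 192.168.105.1 Action=\\"update\\" '
                 'src=\\"10.10.9.11\\" auth_status=\\"Successful Login\\" '
                 'Authentication trial=\\"this is a reauthentication '
                 'for session 53eb3bc8\\"')

HEADER = re.compile(r'^(\w{3} +\d+ [\d:+-]+) (\S+) (.*)$')     # time, host, rest
PAIR = re.compile(r'([A-Za-z_][\w/ ]*?)=\\?"(.*?)\\?"(?= |$)')  # key=\"value\"
TAG = re.compile(r'^product=(.*?)\[(.*)\]$')                   # nested policy tag


def parse_lea(line):
    """Split on '|', then on the first '=' only, so values may hold '=' or ';'."""
    rec = {}
    for field in line.split("|"):
        key, sep, value = field.partition("=")
        if sep:
            rec[key.lower()] = value
    tag = TAG.match(rec.get("__policy_id_tag", ""))
    if tag:
        # Inside the brackets the sub-fields are separated by ';'.
        pairs = (p.split("=", 1) for p in tag.group(2).split(";") if "=" in p)
        rec["policy"] = dict(pairs, product=tag.group(1))
    return rec


def parse_syslog(line):
    """Strip the timestamp/host header, then read quoted key/value pairs.

    Keys may contain spaces ('Authentication trial'); the backslash before
    each quote is optional so unescaped captures parse the same way.
    """
    m = HEADER.match(line)
    if not m:
        raise ValueError("unrecognised syslog header")
    rec = {"syslog_time": m.group(1), "syslog_host": m.group(2)}
    for key, value in PAIR.findall(m.group(3)):
        rec[key.lower()] = value
    return rec
```

Keys are lower-cased in both parsers so that Action from syslog and action from LEA land in the same field.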
