[logs] Checkpoint Firewall rulebase - logs
Jeff Dell
jdell at activeworx.com
Tue Aug 7 10:56:29 PDT 2007
-p disables port resolution.
Cheers,
Jeff
-----Original Message-----
From: loganalysis-bounces at loganalysis.org
[mailto:loganalysis-bounces at loganalysis.org] On Behalf Of James
Sent: Monday, August 06, 2007 7:40 PM
To: Mordechai T. Abzug
Cc: loganalysis at loganalysis.org
Subject: Re: [logs] Checkpoint Firewall rulebase - logs
On 8/6/07, Mordechai T. Abzug <morty at frakir.org> wrote:
> > Another issue with exporting logs via the logger method is that you
> > cannot disable service name resolution (or at least I have lost the
> > switch how to disable it).
>
> IIRC, you can do this with -n. Google confirms [curiously, a post by
> tbird]:
>
> http://www.splunk.com/base/Checkpoint/30987
Unfortunately not (at least on NGX). -n disables hostname resolution
but not service name resolution <sigh>. A trick I have mentioned to
tbird is to name your services

    <protocol>_<port_number>

e.g. tcp_80

but sometimes you will get stomped on by Checkpoint's default services.

LEA looks like the way to go and when I get around to it I will put an
RFI into Checkpoint to add a switch to fw log to disable service name
resolution so that the logs will actually be useful (in a multi vendor
or SIM SEM environment).

Unless someone already knows a way ...
--
jac
_______________________________________________
LogAnalysis mailing list
LogAnalysis at loganalysis.org
http://www.loganalysis.org/mailman/listinfo/loganalysis
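
An added example, not part of the original thread: a small normalizer that turns resolved service names back into protocol and port for a multi-vendor log pipeline, using the <protocol>_<port_number> naming convention described above. The fallback table, function names and sample values are assumptions constructed for illustration, not an export of any vendor's default services.

```python
import re

# Convention from the thread: services named <protocol>_<port_number>, e.g. tcp_80.
CONVENTION = re.compile(r"^(tcp|udp)_(\d{1,5})$", re.IGNORECASE)

# Constructed fallback table for names that do not follow the convention
# (assumption: illustrative entries only, maintained by the log consumer).
FALLBACK = {
    "http": ("tcp", 80),
    "https": ("tcp", 443),
    "ssh": ("tcp", 22),
}

def normalize_service(name, fallback=FALLBACK):
    """Return (protocol, port, source) for a resolved service name.

    source is 'convention', 'fallback' or 'unresolved'.
    """
    token = name.strip()
    m = CONVENTION.match(token)
    if m:
        port = int(m.group(2))
        if 1 <= port <= 65535:
            return (m.group(1).lower(), port, "convention")
        return (None, None, "unresolved")  # looks like the convention, bad port
    hit = fallback.get(token.lower())
    if hit:
        return (hit[0], hit[1], "fallback")
    return (None, None, "unresolved")

def summarize(names):
    """Normalize a batch and collect the names that still need a manual mapping."""
    resolved, unresolved = [], []
    for n in names:
        proto, port, source = normalize_service(n)
        if source == "unresolved":
            unresolved.append(n)
        else:
            resolved.append((n, proto, port, source))
    return resolved, sorted(set(unresolved))

# Constructed sample of service fields as they might appear after name resolution.
SAMPLE = ["tcp_80", "http", "udp_514", "tcp_70000", "custom-app", "TCP_8443"]

if __name__ == "__main__":
    ok, todo = summarize(SAMPLE)
    for row in ok:
        print(row)
    print("needs mapping:", todo)
```

Names reported under "needs mapping" are the ones where a default or custom service name replaced the convention, so they have to be added to the fallback table before the events can be correlated by port.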