EventId.Net - Firewalls
FIREGEN NG LINKSYS MODULE
FireGen NG Linksys Module Usage

Requirements:
- Linksys firewall
- Firewall logs sent to a Kiwi syslog server using SNMP traps

Accepted log entry formats:

Default Kiwi format:
2006-02-01 00:20:05 Local7.Debug 192.168.5.12 community=public enterprise=1.3.6.1.4.1.3955.1.1.1 enterprise_mib_name=commonModelId.1 uptime=0 agent_ip=192.168.5.12 generic_num=6 specific_num=1 version=Ver1 var01_oid=1.3.6.1.4.1.3955.1.1.0 var01_value="@in UDP from 104.26.108.11:40169 to 67.152.143.150:1027<010>" var01_mib_name=commonModelId.0 var01_value="@in UDP from 104.26.108.11:40169 to 67.152.143.150:1027"

Customized Kiwi format (used to reduce the log size; the columns are date, time, firewall IP, direction (@in/@out), source address, source port, destination (address or name resolved by Kiwi) and destination port):
2006-03-24 09:32:25 192.168.11.12 @out 192.168.11.43 28461 www.blackberry.com 80

In both formats the Kiwi column separator is the Tab character. Email us for more information.
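The two layouts above parsed into one record shape, as an added example written for this page in Python. It is not FireGen code and does not use FgNgLinksys.dll; the regular expression, the 8-column rule for the customized layout and the sample lines (the two entries above plus extra lines constructed for the example) are assumptions drawn from the samples shown here.

```python
import re
from collections import Counter
from datetime import datetime

# Connection record that the Linksys unit puts in the SNMP trap varbind
# (var01_value in the Kiwi line), e.g.
#   @in UDP from 104.26.108.11:40169 to 67.152.143.150:1027
TRAP_PAYLOAD = re.compile(
    r"@(?P<direction>in|out)\s+(?P<proto>[A-Za-z]+)\s+from\s+"
    r"(?P<src>[^\s:]+):(?P<sport>\d+)\s+to\s+(?P<dst>[^\s:]+):(?P<dport>\d+)"
)


def parse_kiwi_linksys(line):
    """Parse one Kiwi-logged Linksys entry in either accepted format.

    Returns a dict (time, agent, direction, proto, src, sport, dst, dport)
    or None when the line is not a Linksys connection record (Kiwi's own
    status messages, truncated lines, ...). Columns are split on any
    whitespace, so both real Tab-separated Kiwi output and copies in which
    the tabs became spaces are accepted.
    """
    fields = line.split()
    if len(fields) < 4:
        return None
    try:
        ts = datetime.strptime(f"{fields[0]} {fields[1]}", "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None

    # Customized format: date time agent @dir src sport dst dport
    # (exactly 8 columns; the protocol is not logged in this layout)
    if len(fields) == 8 and fields[3] in ("@in", "@out"):
        try:
            sport, dport = int(fields[5]), int(fields[7])
        except ValueError:
            return None
        return {"time": ts, "agent": fields[2], "direction": fields[3][1:],
                "proto": None, "src": fields[4], "sport": sport,
                "dst": fields[6], "dport": dport}

    # Default format: date time priority agent community=... var01_value="@in ..."
    # Kiwi repeats var01_value (once with the <010> newline marker); the
    # regex takes the first occurrence.
    m = TRAP_PAYLOAD.search(line)
    if m is None:
        return None
    return {"time": ts, "agent": fields[3], "direction": m["direction"],
            "proto": m["proto"].upper(), "src": m["src"],
            "sport": int(m["sport"]), "dst": m["dst"], "dport": int(m["dport"])}


def summarize(lines):
    """Count records per (direction, destination port): the kind of roll-up
    a firewall report is built from. Unparseable lines are skipped."""
    counts = Counter()
    for line in lines:
        rec = parse_kiwi_linksys(line)
        if rec is not None:
            counts[(rec["direction"], rec["dport"])] += 1
    return counts


# Constructed sample: the two layouts shown on this page plus extra lines
# made up for the example. Tabs mark Kiwi's column separator.
DEFAULT_SAMPLE = (
    "2006-02-01 00:20:05\tLocal7.Debug\t192.168.5.12\tcommunity=public "
    "enterprise=1.3.6.1.4.1.3955.1.1.1 enterprise_mib_name=commonModelId.1 uptime=0 "
    "agent_ip=192.168.5.12 generic_num=6 specific_num=1 version=Ver1 "
    'var01_oid=1.3.6.1.4.1.3955.1.1.0 var01_value="@in UDP from 104.26.108.11:40169 '
    'to 67.152.143.150:1027<010>" var01_mib_name=commonModelId.0 '
    'var01_value="@in UDP from 104.26.108.11:40169 to 67.152.143.150:1027"'
)
CUSTOM_SAMPLE = "2006-03-24 09:32:25\t192.168.11.12\t@out\t192.168.11.43\t28461\twww.blackberry.com\t80"
SAMPLE_LINES = [
    DEFAULT_SAMPLE,
    CUSTOM_SAMPLE,
    # constructed: two inbound SMB probes in the default layout (varbinds shortened)
    '2006-02-01 00:21:10\tLocal7.Debug\t192.168.5.12\tcommunity=public var01_value="@in TCP from 203.0.113.7:3187 to 67.152.143.150:445<010>"',
    '2006-02-01 00:21:12\tLocal7.Debug\t192.168.5.12\tcommunity=public var01_value="@in TCP from 203.0.113.7:3188 to 67.152.143.150:445<010>"',
    # constructed: a Kiwi status line that is not a Linksys record
    "2006-02-01 00:22:00\tSyslog.Info\t192.168.5.12\tKiwi Syslog Daemon: buffer flushed",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LINES).items()):
        print(key, n)
```

Note that the customized layout carries no protocol, so anything that groups on protocol must tolerate None, and that the destination column may be a resolved host name rather than an address when Kiwi's DNS resolution is on.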

Downloads:
- FgNgLinksys.dll - Version 0.002 - Updated April 4, 2006

Configuring the log profile:
- Start the FireGen NG user interface
- Switch to the Log profiles tab
- Click Add new
- In the Properties section, change the profile name from Profile1 to a name relevant to the specific firewall (e.g. Linksys1)
- As Firewall type select Linksys
- Select the sample log location. FireGen uses the directory of the sample log to look for the logs that have to be analyzed for the selected time interval.
- In the Log files detection method section enter the Log naming template. For example, if the log for Feb 28, 2006 is named syslog-2006-02-28.log, enter syslog-yyyy-mm-dd.log. FireGen uses this template to build the name of the log to analyze for the selected time interval: with the Sample log set to C:\Logs\syslog-2006-02-28.log, the Log naming set to syslog-yyyy-mm-dd.log and March 8, 2006 selected as the analysis interval, FireGen will attempt to analyze C:\Logs\syslog-2006-03-08.log. If the log name contains no date pattern, FireGen analyzes the file specified as Sample log: with the Sample log set to C:\Logs\SyslogCatchAll.txt and the Log naming set to SyslogCatchAll.txt, FireGen always analyzes that file, regardless of the selected time interval. If the Log files detection method is set to Analyze the log specified as sample, FireGen analyzes the sample log regardless of the other settings.
- Click on the -> button to save the profile (the profile name moves from the Unsaved section to the Saved one)

- Switch to On Demand
- Select the reporting interval
- Save the settings by clicking the Apply button
- Press Analyze! to run the analysis
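How the Sample log, the Log naming template and the detection method combine into the file FireGen opens, as an added example in Python written for this page (not FireGen's own code). The yyyy/mm/dd token substitution and the fallback rules are modelled on the description above; the assumption that the tokens are lower-case and appear at most once, and the sample_log_date sanity check, are additions this page does not mention.

```python
import ntpath
import re
from datetime import date, timedelta

# FireGen's Log naming template marks the date with the literal tokens
# yyyy, mm and dd (as in the page's example syslog-yyyy-mm-dd.log).
# Assumption for this example: tokens are lower-case and each appears at
# most once in the template.
DATE_TOKENS = (("yyyy", "%Y"), ("mm", "%m"), ("dd", "%d"))


def _as_date(day):
    """Accept a datetime.date or an ISO string such as "2006-03-08"."""
    return date.fromisoformat(day) if isinstance(day, str) else day


def has_date_pattern(template):
    """True when the template carries at least one date token."""
    return any(tok in template for tok, _ in DATE_TOKENS)


def resolve_log_name(sample_log, template, day, analyze_sample_only=False):
    """Path of the log FireGen would open for one day of the interval.

    sample_log: the Sample log path; its directory is where FireGen looks.
    template:   the Log naming template, e.g. syslog-yyyy-mm-dd.log
    day:        the day being analyzed
    analyze_sample_only: the 'Analyze the log specified as sample' method,
                         which wins over every other setting.
    Windows paths are handled with ntpath so this also runs on other OSes.
    """
    if analyze_sample_only or not has_date_pattern(template):
        return sample_log
    day = _as_date(day)
    name = template
    for tok, fmt in DATE_TOKENS:
        name = name.replace(tok, day.strftime(fmt))
    return ntpath.join(ntpath.dirname(sample_log), name)


def log_names_for_interval(sample_log, template, start, end, analyze_sample_only=False):
    """Every distinct log path for a multi-day reporting interval, in order.
    A template without a date pattern collapses to the single sample file."""
    start, end = _as_date(start), _as_date(end)
    paths = []
    day = start
    while day <= end:
        p = resolve_log_name(sample_log, template, day, analyze_sample_only)
        if p not in paths:
            paths.append(p)
        day += timedelta(days=1)
    return paths


def sample_log_date(sample_log, template):
    """Sanity check before saving the profile: recover the date embedded in
    the Sample log's file name via the template. None means the template
    does not describe the sample file, so the names built from it will not
    exist on disk and the analysis will find nothing."""
    if not has_date_pattern(template):
        return None
    pattern = re.escape(template)  # letters are untouched, so the tokens survive
    for tok, group in (("yyyy", r"(?P<y>\d{4})"), ("mm", r"(?P<m>\d{2})"), ("dd", r"(?P<d>\d{2})")):
        pattern = pattern.replace(tok, group)
    m = re.fullmatch(pattern, ntpath.basename(sample_log))
    if m is None:
        return None
    try:
        return date(int(m["y"]), int(m["m"]), int(m["d"]))
    except (IndexError, ValueError):  # token missing from template, or impossible date
        return None


if __name__ == "__main__":
    sample = r"C:\Logs\syslog-2006-02-28.log"
    print(resolve_log_name(sample, "syslog-yyyy-mm-dd.log", "2006-03-08"))
    print(log_names_for_interval(sample, "syslog-yyyy-mm-dd.log", "2006-03-06", "2006-03-08"))
    print(sample_log_date(sample, "syslog-yyyy-mm-dd.log"))
```

Run sample_log_date against the profile before saving it: a template that does not describe the sample file name (a typo, or a Kiwi file naming scheme that changed) makes FireGen look for files that are never there, and the symptom is an empty report rather than an error.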

Legal - EventID.Net © 2001-2008 Altair Technologies Ltd., All rights reserved - Sign up for our Email Newsletter