[Dshield] Submitting Watchguard Logs

Wayne Larmon wlarmon at dshield.org
Mon Aug 5 22:53:44 GMT 2002


> I've seen there is a tool to parse Watchguard logs to Dshield,
> but it is a manual process.  Does anyone know of a more automated
> process?  Manually moving the log around or filtering it myself
> is not always practical, especially during vacations, etc.  Has
> anyone heard of/come up with a fully automated way to submit
> Watchguard Logs to DShield?

The existing WatchGuard client was user contributed.  As I remember, the
sticking point for making it automated was that WatchGuard writes the log
in a proprietary binary format.  The only way to get a log in an ASCII
format that is understandable was to do a manual export operation from
WatchGuard's controlling software.

This is my understanding based on working with the contributor of the
client.  I don't have any actual experience with WatchGuard.

Is there any way for WatchGuard to write its log automatically in an ASCII
format?  Can it send logging information to something like Kiwi Syslog
Daemon, that can then write an ASCII log?  If the log can get to an ASCII
format, then we can write a converter that can be put on the Task Scheduler.

Alternatively, does anybody know how to decode the native binary log?

Wayne Larmon
wlarmon at dshield.org