[Dshield] Submitting Watchguard Logs

Richard Roy RoyR at justicetrax.com
Tue Aug 6 14:26:16 GMT 2002

I have submitted your response to my post to their support team.  I have a support contract and they are generally very good at helping to find answers.  When I get an answer I'll post.

-----Original Message-----
From: Wayne Larmon [mailto:wlarmon at dshield.org]
Sent: Monday, August 05, 2002 3:54 PM
To: list at dshield.org
Subject: RE: [Dshield] Submitting Watchguard Logs

> I've seen there is a tool to parse Watchguard logs to Dshield,
> but it is a manual process.  Does anyone know of a more automated
> process?  Manually moving the log around or filtering it myself
> is not always practical, especially during vacations, etc.  Has
> anyone heard of/come up with a fully automated way to submit
> Watchguard Logs to DShield?

The existing WatchGuard client was user contributed.  As I remember, the
sticking point for making it automated was because WatchGuard writes the log
in a proprietary binary format.  The only way to get a log in an ASCII
format that is understandable was to do a manual export operation from
WatchGuard's controlling software.

This is my understanding based on working with the contributor of the
client.  I don't have any actual experience with WatchGuard.

Is there any way for WatchGuard to write its log automatically in an ASCII
format?  Can it send logging information to something like Kiwi Syslog
Daemon, that can then write an ASCII log?  If the log can get to an ASCII
format, then we can write a converter that can be put on the Task Scheduler.

Alternatively, does anybody know how to decode the native binary log?

Wayne Larmon
wlarmon at dshield.org

Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list