[Dshield] Submitting Watchguard Logs REPOST Sans attachment

Richard Roy RoyR at justicetrax.com
Tue Aug 6 18:19:03 GMT 2002


I had attached a .pdf that I received from the folks at Watchguard which indicated that one could set up the system to log to KIWI syslog and how to do that.  The list moderator politely rejected the post due to the attachment, but has asked that I repost and provide a link.  The link however is on a password protected support site for Watchguard so I cannot provide that.  I have provided the file and will email it to anyone interested.  Dshield may also host it if possible.

I don't speak 'nix and do not run it in my shop, so I'd need a 3rd party daemon to run in win32.  Anyone know of a freebie? 
Thanks
Rich


-----Original Message-----
From: Richard Roy 
Sent: Tuesday, August 06, 2002 7:26 AM
To: list at dshield.org
Subject: RE: [Dshield] Submitting Watchguard Logs


I have submitted your response to my post to their support team.  I have a support contract and they are generally very good at helping to find answers.  When I get an answer I'll post.
Thanks
Rich

-----Original Message-----
From: Wayne Larmon [mailto:wlarmon at dshield.org]
Sent: Monday, August 05, 2002 3:54 PM
To: list at dshield.org
Subject: RE: [Dshield] Submitting Watchguard Logs



> I've seen there is a tool to parse Watchguard logs to Dshield,
> but it is a manual process.  Does anyone know of a more automated
> process?  Manually moving the log around or filtering it myself
> is not always practical, especially during vacations, etc.  Has
> anyone heard of/come up with a fully automated way to submit
> Watchguard Logs to DShield?

The existing WatchGuard client was user contributed.  As I remember, the
sticking point for making it automated was because WatchGuard writes the log
in a proprietary binary format.  The only way to get a log in an ASCII
format that is understandable was to do a manual export operation from
WatchGuard's controlling software.

This is my understanding based on working with the contributor of the
client.  I don't have any actual experience with WatchGuard.

Is there any way for WatchGuard to write its log automatically in an ASCII
format?  Can it send logging information to something like Kiwi Syslog
Daemon, that can then write an ASCII log?  If the log can get to an ASCII
format, then we can write a converter that can be put on the Task Scheduler.

Alternatively, does anybody know how to decode the native binary log?

Wayne Larmon
wlarmon at dshield.org



_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
