[Dshield] submit firewall logs
mark.rowlands at minmail.net
Fri May 24 12:55:06 GMT 2002
On Thursday 23 May 2002 6:53 pm, Kevin Whelan wrote:
> I have been trying to find for a while if there is an easy way to submit
> ISA logs. Does anyone know of any ways of doing this.
I suppose it depends how you are doing your logging and for which services
because there is quite a lot of flexibility in the isa logging mechanisms.
Also on your definition of easy.......
but generically speaking, use perl! I should say that I am a zealot and
believe all NT/2000 machines should have perl installed by default ;-)
1) enable logging..... probably to a file. done in the logs option of the isa
2) Packet filtering logs:
take a look at the IP packet filters in the ISA console , on the view menu,
make sure advanced is checked. On the details pane, right click any filter
you want to log and then click on properties. then go to the general tab and
log any packets matching this filter.
3) take a look under access policies::IP packet Filters::Properties and that
shows you the format of the logfile. Then take your favourite perl client and
You could try the cvtwin client and see if that will work with the XP firewall
4) Replace your isa firewall with openbsd.......just kidding......
More information about the list