[Dshield] submit firewall logs

Mark Rowlands mark.rowlands at minmail.net
Fri May 24 12:55:06 GMT 2002


On Thursday 23 May 2002 6:53 pm, Kevin Whelan wrote:
> I have been trying to find for a while if there is an easy way to submit
> ISA logs.  Does anyone know of any ways of doing this.
>

I suppose it depends how you are doing your logging and for which services,
because there is quite a lot of flexibility in the ISA logging mechanisms.
Also on your definition of easy.......

But generically speaking, use Perl!  I should say that I am a zealot and
believe all NT/2000 machines should have Perl installed by default ;-)

1) Enable logging..... probably to a file. Done in the logs option of the ISA
console.

2) Packet filtering logs:

Take a look at the IP packet filters in the ISA console. On the view menu,
make sure advanced is checked. On the details pane, right click any filter
you want to log and then click on properties. Then go to the general tab and
log any packets matching this filter.

3) Take a look under access policies::IP packet Filters::Properties and that
shows you the format of the logfile. Then take your favourite Perl client and
adjust accordingly.

You could try the cvtwin client and see if that will work with the XP firewall 
option.

4) Replace your ISA firewall with OpenBSD.......just kidding......
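
The "look at the log format, then adjust your Perl client" step above, sketched as an added example that is not part of the original message and not DShield or ISA code: it reads the `#Fields:` header so column positions follow whatever layout the filter properties show. It assumes the log is written in W3C extended format; the field names, the submitter id and the tab-separated output column order are assumptions to check against your own log header and the DShield format documentation.

```perl
use strict;
use warnings;

my $USERID = 0;          # placeholder submitter id (assumption)
my $TZ     = '+00:00';   # assumes the log timestamps are UTC
# Assumed column names: replace with the names in your own "#Fields:" line.
my %WANT = (
    date  => 'date',        time  => 'time',
    src   => 'source-ip',   dst   => 'destination-ip',
    sport => 'source-port', dport => 'destination-port',
    proto => 'protocol',    flags => 'tcp-flags',
);
my $IPV4 = qr/^\d{1,3}(?:\.\d{1,3}){3}$/;

sub convert {
    my ($in) = @_;
    my (%col, @out);
    while (my $line = <$in>) {
        $line =~ s/\r?\n\z//;
        if ($line =~ /^#Fields:\s*(.*)/) {
            # The header may reappear mid-file; rebuild the name->index map.
            my @names = split ' ', $1;
            %col = ();
            @col{@names} = 0 .. $#names;
            next;
        }
        next if $line =~ /^#/ or $line !~ /\S/ or !%col;
        my @f = $line =~ /\t/ ? split(/\t/, $line, -1) : split(' ', $line);
        my %r;
        for my $k (keys %WANT) {
            my $i = $col{ $WANT{$k} };
            my $v = defined $i ? $f[$i] : undef;
            $r{$k} = (defined $v && $v ne '-') ? $v : '';   # '-' means empty
        }
        next unless $r{src} =~ $IPV4 and $r{dst} =~ $IPV4 and $r{date} and $r{time};
        # Assumed output order: time, id, count, src, sport, dst, dport, proto, flags
        push @out, join "\t", "$r{date} $r{time} $TZ", $USERID, 1,
            @r{qw(src sport dst dport proto flags)};
    }
    return @out;
}

# Constructed sample input (documentation addresses), not real ISA output.
my $sample = join '', map { join("\t", @$_) . "\r\n" } (
    ['#Fields:', qw(date time source-ip destination-ip protocol source-port destination-port tcp-flags)],
    [qw(2002-05-24 12:55:06 192.0.2.10 198.51.100.5 Tcp 4312 445 SYN)],
    [qw(2002-05-24 12:55:09 192.0.2.77 198.51.100.5 Icmp - - -)],
);
open my $fh, '<', \$sample or die "cannot open sample: $!";
print "$_\n" for convert($fh);
```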