Can 'Top Layer AppSwitch' log files be analyzed?


This article applies to:

  • WebTrends Firewall Suite 4.X
  • Security Reporting Center 2.X
  • Top Layer AppSwitch

Question:

Can 'Top Layer AppSwitch' log files be analyzed?

Reply:

The 'Top Layer AppSwitch' device can generate log files in WELF (WebTrends Enhanced Log Format). The log file must be in this format for Firewall Suite or Security Reporting Center to analyze it properly. A sample of the WELF format is provided below:

id=firewall time="2003-07-01 06:30:09" fw=192.168.1.1 pri=6 proto=http src=192.168.1.1 dst=10.1.1.1 dstname=domain.com arg=/brand/images/logo_pimg.gif op=GET result=304 rcvd=1036
id=firewall time="2003-07-01 06:30:09" fw=192.168.1.1 pri=6 proto=http src=192.168.1.1 dst=10.1.1.1 dstname=domain.com arg=/transparent.gif op=GET result=0 sent=546
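
A small parser for records in the key=value layout of the sample above, added here as an illustration; it is not WebTrends or Top Layer code. The function names, the choice of integer fields and the sample records are assumptions constructed for this example. Records containing tokens that do not fit key=value are reported instead of being counted.

```python
import re
from datetime import datetime

# key=value with an optionally double-quoted value; anything else is a bare token.
_TOKEN = re.compile(
    r'(?P<key>[A-Za-z_]\w*)=(?:"(?P<quoted>[^"]*)"|(?P<plain>\S*))|(?P<bare>\S+)')
_INT_FIELDS = {"pri", "result", "sent", "rcvd"}  # assumed numeric, per the sample

def parse_welf(line):
    """Return (fields, malformed_tokens) for one WELF record."""
    fields, malformed = {}, []
    for m in _TOKEN.finditer(line):
        if m.group("bare") is not None:
            malformed.append(m.group("bare"))
            continue
        key = m.group("key")
        value = m.group("quoted") if m.group("quoted") is not None else m.group("plain")
        try:
            if key in _INT_FIELDS:
                value = int(value)
            elif key == "time":
                value = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
        except ValueError:
            malformed.append(m.group(0))  # right key, unusable value
            continue
        fields[key] = value
    return fields, malformed

def bytes_by_source(lines):
    """Sum sent+rcvd per src; return (totals, rejected) with rejected line numbers."""
    totals, rejected = {}, []
    for n, line in enumerate(lines, 1):
        fields, malformed = parse_welf(line)
        if malformed or "src" not in fields:
            rejected.append((n, malformed))
            continue
        size = fields.get("sent", 0) + fields.get("rcvd", 0)
        totals[fields["src"]] = totals.get(fields["src"], 0) + size
    return totals, rejected

# Constructed records modelled on the sample; the third has a deliberate bare token.
SAMPLE = [
    'id=firewall time="2003-07-01 06:30:09" fw=192.168.1.1 pri=6 proto=http src=192.168.1.1 dst=10.1.1.1 arg=/logo.gif op=GET result=304 rcvd=1036',
    'id=firewall time="2003-07-01 06:30:10" fw=192.168.1.1 pri=6 proto=http src=192.168.1.1 dst=10.1.1.1 arg=/t.gif?a=b op=GET result=0 sent=546',
    'id=firewall time="2003-07-01 06:30:11" fw=192.168.1.1 pri=6 proto=http src=192.168.1.2 dst=10.1.1.1 op=GET result 0 sent=100',
]

if __name__ == "__main__":
    print(bytes_by_source(SAMPLE))
```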

Notes:

For more information regarding WELF please see the following articles:

This article was previously published as:
NETIQKB33984

Last Modified 3/8/2006.
https://support.trustwave.com/kb/KnowledgebaseArticle10020.aspx