Sample Log File - Check Point Log File Formats


This article applies to:

  • Security Reporting Center 2.0
  • Security Reporting Center 2.1
  • WebTrends Firewall Suite 4.x

Question:

What do sample log files look like in the Check Point log file formats?

Information:

Sample OPSEC LEA Log File

datetime= 9Dec1998 11:43:39 action=reject fw_name=10.0.1.1 dir=inbound
datetime= 9Dec1998 11:43:39 action=reject fw_name=10.0.1.1 dir=inbound
datetime= 9Dec1998 11:43:56 action=ctl fw_name=10.0.1.1 dir=inbound sys_msgs=installed Standard
datetime= 9Dec1998 11:43:56 action=accept fw_name=10.0.1.1 dir=inbound



Sample Exported Check Point Log File

num;date;time;orig;type;action;alert;i/f_name;i/f_dir;proto;src;dst;service;s_port;len;rule;xlatesrc;xlatedst;xlatesport;xlatedport;icmp-type;icmp-code;sys_msgs
0;30Sep98;11:59:51;208.1.1.1;control;ctl;;daemon;inbound;;;;;;;;;;;;;;started sending log to localhost
1;30Sep98;11:59:51;208.1.1.1;log;accept;;El90x3;inbound;tcp;192.4.7.171;204.170.22.93;https;1197;44;1;208.1.1.1;204.170.22.93;33548;https;;;
2;30Sep98;11:59:51;208.1.1.1;log;accept;;El90x3;inbound;tcp;192.4.7.48;209.1.224.13;http;1266;44;1;208.1.1.1;209.1.224.13;33549;http;;;
3;30Sep98;11:59:51;208.1.1.1;log;accept;;El90x3;inbound;tcp;192.4.7.48;209.1.224.13;http;1267;44;1;208.1.1.1;209.1.224.13;33550;http;;;
4;30Sep98;11:59:51;208.1.1.1;log;accept;;El90x3;inbound;tcp;192.4.7.48;209.1.224.13;http;1268;44;1;208.1.1.1;209.1.224.13;33551;http;;;



Sample of INCORRECTLY exported Check Point Log File

"119310"  "15Aug2002"  " 8:00:18"  "eth-s1p3c0"  "146.105.234.6"  "log"  "accept"  "nameserver"  "146.1.2.1"  "158.43.128.72"  "udp"  "22"  "4487"  ""  ""  ""  ""  ""  "193.132.126.2"  "158.43.128.72"  "4487"  "nameserver"  "firewall"  " len 72" 
"119311"  "15Aug2002"  " 8:00:18"  "eth-s1p1c0"  "146.105.234.6"  "log"  "accept"  "https"  "146.105.175.86"  "143.252.77.4"  "tcp"  "55"  "1158"  ""  ""  ""  ""  ""  ""  ""  ""  ""  "firewall"  " len 48" 
"119312"  "15Aug2002"  " 8:00:30"  "eth-s1p1c0"  "146.105.234.16"  "log"  "drop"  "nbdatagram"  "146.105.65.32"  "192.168.73.2"  "udp"  "80"  "nbdatagram"  ""  ""  ""  ""  ""  ""  ""  ""  ""  "firewall"  " len 257" 
"119313"  "15Aug2002"  " 8:00:18"  "eth-s6p1c0"  "146.105.234.6"  "log"  "accept"  "smtp"  "195.11.209.131"  "193.132.126.2"  "tcp"  "15"  "2230"  ""  ""  ""  ""  ""  "195.11.209.131"  "146.1.2.1"  "2230"  "smtp"  "firewall"  " len 48" 
"119314"  "15Aug2002"  " 8:00:18"  "eth-s1p3c0"  "146.105.234.6"  "log"  "accept"  "nameserver"  "146.1.2.1"  "158.43.128.72"  "udp"  "22"  "4489"  ""  ""  ""  ""  ""  "193.132.126.2"  "158.43.128.72"  "4489"  "nameserver"  "firewall"  " len 73" 
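As an added example (not part of the original article, and not code from Check Point, NetIQ or WebTrends), the following Python parser handles the correctly exported semicolon-delimited format above and tells it apart from the incorrectly exported sample: it requires the 23-field header on line 1, skips and reports any row whose field count differs from the header (so a truncated row cannot silently shift values into the wrong columns), and recognises the quoted, whitespace-separated, header-less shape of the bad export. Rows 1 and 2 are taken from the samples above; the truncated row 3 and the single-line BAD_EXPORT excerpt are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Header line of a correctly exported Check Point log (23 semicolon-separated fields).
HEADER = ("num;date;time;orig;type;action;alert;i/f_name;i/f_dir;proto;src;dst;"
          "service;s_port;len;rule;xlatesrc;xlatedst;xlatesport;xlatedport;"
          "icmp-type;icmp-code;sys_msgs")

# Rows 1 and 2 come from the sample export above; row 3 is a constructed,
# truncated row (trailing fields missing) to show how a damaged export is caught.
GOOD_EXPORT = HEADER + """
1;30Sep98;11:59:51;208.1.1.1;log;accept;;El90x3;inbound;tcp;192.4.7.171;204.170.22.93;https;1197;44;1;208.1.1.1;204.170.22.93;33548;https;;;
2;30Sep98;11:59:51;208.1.1.1;log;accept;;El90x3;inbound;tcp;192.4.7.48;209.1.224.13;http;1266;44;1;208.1.1.1;209.1.224.13;33549;http;;;
3;30Sep98;11:59:52;208.1.1.1;log;drop;;El90x3;inbound;tcp;192.4.7.48
"""

# Constructed excerpt in the shape of the INCORRECT export: quoted, whitespace-separated, no header.
BAD_EXPORT = '"119310"  "15Aug2002"  " 8:00:18"  "eth-s1p3c0"  "146.105.234.6"  "log"  "accept"\n'


def classify_export(text):
    """'exported' if line 1 is the expected header, 'unheadered' if the file opens
    with quoted whitespace-separated values (the bad export above), else 'unknown'."""
    lines = text.strip().splitlines()
    first = lines[0] if lines else ""
    if first == HEADER:
        return "exported"
    if first.startswith('"') and ";" not in first:
        return "unheadered"
    return "unknown"


def parse_exported(text):
    """Return (records, errors): records are dicts keyed by header field plus a
    'timestamp'; errors name rows whose field count differs from the header's."""
    if classify_export(text) != "exported":
        raise ValueError("not a headered semicolon-delimited Check Point export")
    reader = csv.reader(io.StringIO(text.strip()), delimiter=";")
    fields = next(reader)
    records, errors = [], []
    for lineno, row in enumerate(reader, start=2):
        if len(row) != len(fields):
            # Skip rather than zip(): a short row would misalign every later column.
            errors.append(f"line {lineno}: {len(row)} fields, expected {len(fields)}")
            continue
        rec = dict(zip(fields, row))
        # date is day, abbreviated month, two-digit year (30Sep98); time is HH:MM:SS.
        rec["timestamp"] = datetime.strptime(rec["date"] + " " + rec["time"], "%d%b%y %H:%M:%S")
        records.append(rec)
    return records, errors
```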



This article was previously published as:
NETIQKB12296

Last Modified 4/10/2006.
https://support.trustwave.com/kb/KnowledgebaseArticle10710.aspx