Why does Security Reporting Center only analyze the 'messages' and 'connections' logs of a Borderware firewall?


This article applies to:

  • Security Reporting Center 2.1

Question:

Why does Security Reporting Center only analyze the 'messages' and 'connections' logs of a Borderware firewall?

Information:

Security Reporting Center (SRC) analyzes only the 'connections' and 'messages' logs from Borderware because the other logs the Borderware firewall generates largely contain duplicate data that SRC does not need for reporting. For example, the Borderware security log records traffic packet by packet as it passes through the firewall. SRC does not support data at this level of granularity. However, for each set of packets for a given IP address there is a corresponding line in the 'connections' log that summarizes the whole transfer, and it is this summary data that SRC reports on.

None of the other Borderware logs contains data that SRC can use. In most cases SRC needs a timestamp, a source IP, a destination IP and a port to generate valid reports; there are exceptions for some other proprietary log formats, such as Cisco PIX.
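The relationship described above, collapsing packet-by-packet records into one summary line per connection that carries the time, source IP, destination IP and port a reporting tool needs, is illustrated by the following added example. It is not SRC or Borderware code, and the packet-line and summary-line formats in it are constructed for illustration; they are not the Borderware 'security' or 'connections' log formats, which this article does not show.

```python
"""Aggregate packet-level firewall log lines into per-connection summaries.

Added example. The log formats are constructed (hypothetical) and are NOT the
Borderware 'security' or 'connections' formats.
"""
import re
from datetime import datetime

# Constructed packet-by-packet lines (hypothetical format), including one
# unparseable line to show that bad input is skipped rather than crashing.
PACKET_LINES = """\
2006-03-08T10:00:01 pkt src=10.0.0.5 dst=192.0.2.10 proto=tcp dport=80 len=60
2006-03-08T10:00:01 pkt src=10.0.0.5 dst=192.0.2.10 proto=tcp dport=80 len=1500
2006-03-08T10:00:02 pkt src=10.0.0.5 dst=192.0.2.10 proto=tcp dport=80 len=1500
2006-03-08T10:00:03 pkt src=10.0.0.5 dst=192.0.2.10 proto=tcp dport=80 len=40
2006-03-08T10:00:02 pkt src=10.0.0.7 dst=192.0.2.20 proto=udp dport=53 len=70
2006-03-08T10:00:02 pkt src=10.0.0.7 dst=192.0.2.20 proto=udp dport=53 len=120
2006-03-08T10:00:05 pkt src=10.0.0.9 dst=192.0.2.10 proto=tcp dport=443 len=60
this line is garbage and must be skipped
""".splitlines()

PACKET_RE = re.compile(
    r"^(?P<ts>\S+) pkt src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+) len=(?P<len>\d+)$"
)

# The minimal field set the article says a report needs.
REQUIRED_FIELDS = ("time", "src", "dst", "port")


def parse_packet(line):
    """Return a dict for one packet line, or None if the line does not match."""
    m = PACKET_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.fromisoformat(m["ts"]),
        "src": m["src"], "dst": m["dst"], "proto": m["proto"],
        "port": int(m["dport"]), "bytes": int(m["len"]),
    }


def summarize(lines):
    """Collapse packets into one record per (src, dst, proto, port).

    Returns (records, skipped): records in first-seen order, each carrying
    first/last time, source IP, destination IP, port, packet and byte totals;
    skipped is the count of lines that did not parse.
    """
    conns = {}
    skipped = 0
    for line in lines:
        pkt = parse_packet(line)
        if pkt is None:
            skipped += 1
            continue
        key = (pkt["src"], pkt["dst"], pkt["proto"], pkt["port"])
        rec = conns.get(key)
        if rec is None:
            rec = conns[key] = {
                "time": pkt["time"], "end": pkt["time"],
                "src": pkt["src"], "dst": pkt["dst"], "proto": pkt["proto"],
                "port": pkt["port"], "packets": 0, "bytes": 0,
            }
        rec["time"] = min(rec["time"], pkt["time"])
        rec["end"] = max(rec["end"], pkt["time"])
        rec["packets"] += 1
        rec["bytes"] += pkt["bytes"]
    return list(conns.values()), skipped


def reportable(rec):
    """True if the record has every field needed for a time/src/dst/port report."""
    return all(rec.get(f) is not None for f in REQUIRED_FIELDS)


def render(rec):
    """Emit a one-line-per-connection summary (constructed output format)."""
    duration = (rec["end"] - rec["time"]).total_seconds()
    return (f"{rec['time'].isoformat()} conn src={rec['src']} dst={rec['dst']} "
            f"proto={rec['proto']} dport={rec['port']} "
            f"packets={rec['packets']} bytes={rec['bytes']} duration={duration:.0f}s")


if __name__ == "__main__":
    records, skipped = summarize(PACKET_LINES)
    for rec in records:
        print(render(rec))
    print(f"{len(records)} connections from {len(PACKET_LINES)} lines "
          f"({skipped} unparseable)")
```

Seven packet lines become three connection records, each satisfying the required-field check, which is the same reduction the 'connections' log performs ahead of time; that is why the summary log, not the packet log, is the one worth feeding to a reporting tool.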

This article was previously published as:
NETIQKB46819

Last Modified 3/8/2006.
https://support.trustwave.com/kb/KnowledgebaseArticle10956.aspx