Hello! I've been trying to write a logformat string to analyze the output from our firewall, a Sonicwall. I'm getting nowhere. Maybe someone has already done this. The log looks like this:

03/28/2002 10:38:20.832 - TCP connection dropped - Source:195.58.198.99, 4410, WAN - Destination:123.456.789.012, 80, LAN - 'Web (HTTP)' - Rule 3
03/28/2002 10:39:40.224 - TCP connection dropped - Source:195.58.198.99, 1311, WAN - Destination:123.456.789.012, 80, LAN - 'Web (HTTP)' - Rule 6

Every line starts with the date, there are also a couple of tabs in there. The most interesting would be to see how many source IPs there are for the past few days. The destination IPs are not very interesting, all destinations in the log will be invalid anyway (i.e. no IP should have any traffic).

Thanks in advance!

/Jonas Lundberg

+------------------------------------------------------------------------
|  This is the analog-help mailing list. To unsubscribe from this
|  mailing list, go to
|    http://lists.isite.net/listgate/analog-help/unsubscribe.html
|
|  List archives are available at
|    http://www.mail-archive.com/[email protected]/
|    http://lists.isite.net/listgate/analog-help/archives/
|    http://www.tallylist.com/archives/index.cfm/mlist.7
+------------------------------------------------------------------------
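
The per-source count asked about in the post can also be produced with a small standalone parser. This is an added example, not part of the original post and not an Analog LOGFORMAT string; it assumes every line follows the layout of the two samples, and the names `parse_line` and `count_sources` and the last two sample lines are constructed here.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address

# Field layout inferred from the two sample lines in the post. Separators are
# matched as any whitespace because the post says the real log contains tabs.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}:\d{2})\.\d+\s+-\s+"
    r"(?P<event>.+?)\s+-\s+"
    r"Source:\s*(?P<src>[^,\s]+),\s*(?P<sport>\d+),\s*(?P<szone>\w+)\s+-\s+"
    r"Destination:\s*(?P<dst>[^,\s]+),\s*(?P<dport>\d+),\s*(?P<dzone>\w+)"
)

def parse_line(line):
    """Return (timestamp, event, source IP, destination port), or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ip_address(m["src"])  # reject non-addresses in the source field
        ts = datetime.strptime(" ".join(m["ts"].split()), "%m/%d/%Y %H:%M:%S")
    except ValueError:
        return None
    return ts, m["event"], str(src), int(m["dport"])

def count_sources(lines, since=None):
    """Count matching lines per source IP; also report unparseable lines."""
    hits, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        elif since is None or rec[0] >= since:
            hits[rec[2]] += 1
    return hits, skipped

# First two lines are from the post; the last two are constructed for the example.
SAMPLE = [
    "03/28/2002 10:38:20.832 - TCP connection dropped - Source:195.58.198.99, 4410, WAN - Destination:123.456.789.012, 80, LAN - 'Web (HTTP)' - Rule 3",
    "03/28/2002 10:39:40.224 - TCP connection dropped - Source:195.58.198.99, 1311, WAN - Destination:123.456.789.012, 80, LAN - 'Web (HTTP)' - Rule 6",
    "03/29/2002 08:01:02.100 -\tTCP connection dropped -\tSource:192.0.2.7, 2200, WAN -\tDestination:123.456.789.012, 80, LAN -\t'Web (HTTP)' - Rule 3",
    "03/29/2002 09:15:00.500 - TCP connection dropped - Source:",  # truncated
]

if __name__ == "__main__":
    hits, skipped = count_sources(SAMPLE)
    for ip, n in hits.most_common():
        print(f"{n:6d}  {ip}")
    print(f"{len(hits)} distinct sources, {skipped} unparseable lines")
```

The destination field is matched loosely and never validated, since the sample uses a masked address; pass `since=` a `datetime` to restrict the count to the past few days.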
