I have had a look at phone boy, and haven't turned up the answer so I thought I'd post here.
I'm looking to forward logs to a central server, I have syslog successfully running on this server.
I modified the Checkpoint box (nokia) to forward all local1.* rules to it (@10.0.0.1)
re-hupped and tested:
logger -p local1.info This is a test
Works perfectly, I then setup a User defined rule as:
$FWDIR/bin/logger -p local1.info Test2
and applied this to a test rule:
on echo request from my PC to the FW pass and do user defined alert.
Works a treat, the problem I have is this - I would like a more informative message to be passed to syslog. Ideally $_ (to use a Perl syntax). But at least the rule that tripped the alert and maybe the src address etc.
Is there any information about variables that can be used in User defined rules? This facility has great potential but without this sort of thing is next to useless.
Regards,
Luke Butcher
Ph: 020 7524 6805
Mb: 0794 11 55545
Em: [EMAIL PROTECTED]
E-mail Disclaimer
Nabarro Nathanson
Principal office:
Lacon House, Theobalds Road
London WC1X 8RW
Tel: +44 (0)20 7524 6000 Fax: +44(0)20 7524 6524
NOTICE
This message contains confidential (and potentially legally privileged) information solely for its intended recipients and others may not distribute, copy or use it. If you have received this communication in error please tell us either by return e-mail or at the numbers above and delete it, and any copies of it.
The contents of this e-mail are subject to the firms Terms of Business copies of which are available on our website.
We have taken steps to ensure that this message (and any attachments or hyperlinks contained within it) are free from computer viruses and the like. However, in accordance with good computing practice the recipient is responsible for ensuring that it is actually virus free before opening it.
Regulated by the Law Society. A list of partners is available at the address above or on our website, http://www.nabarro.com
