As far as I know you can only send the logging elsewhere
if you set the remote system up as a management station...

not by just altering rulebase or whatever...

> -----Original Message-----
> From: Luke Butcher [SMTP:[EMAIL PROTECTED]]
> Sent: Monday 17 September 2001 16:35
> To:   [EMAIL PROTECTED]
> Subject:      Checkpoint log forwarding.
> 
> I have had a look at phone boy, and haven't turned up the answer so I
> thought I'd post here. 
> 
> I'm looking to forward logs to a central server, I have syslog
> successfully running on this server. 
> 
> I modified the Checkpoint box (nokia) to forward all local1.* rules to it
> (@10.0.0.1) 
> re-hupped and tested: 
>   logger -p local1.info This is a test 
> 
> Works perfectly, I then set up a User defined rule as: 
>   $FWDIR/bin/logger -p local1.info Test2 
> and applied this to a test rule: 
>   on echo request from my PC to the FW pass and do user defined alert. 
> 
> Works a treat, the problem I have is this - I would like a more
> informative message to be passed to syslog. Ideally $_ (to use a Perl
> syntax). But at least the rule that tripped the alert and maybe the src
> address etc.
> 
> Is there any information about variables that can be used in User defined
> rules? This facility has great potential but without this sort of thing is
> next to useless.
> 
> Regards, 
> Luke Butcher 
> Ph: 020 7524 6805 
> Mb: 0794 11 55545 
> Em: [EMAIL PROTECTED] 
> 
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
