Jason!! What a great tip!!
Actually I had to comment out the following four services at first,
because after I commented out "nameserver", then just "domain" started
popping up in the log files:
# domain 53/tcp nameserver # name-domain server
# domain 53/udp nameserver
# nameserver 53/tcp domain # name-domain server
# nameserver 53/udp domain
And then I just renamed them to match the Check Point names:
domain-tcp 53/tcp nameserver # name-domain server
domain-udp 53/udp nameserver
And then un-commented the nameserver entries, so now my services
file looks like this:
domain-tcp 53/tcp nameserver # name-domain server
domain-udp 53/udp nameserver
nameserver 53/tcp domain # name-domain server
nameserver 53/udp domain
Presto! My logs are working and now my "Service Selection Criterion"
box is working properly when I want to select logs "In" or "Not in"
domain-udp/domain-tcp. Very weird that CP logs are pulling names
from my management NT services file???
Thanks again for your assistance Jason.
No longer disgruntled in Dallas,
Becky
p.s. Now why the heck does NT have 2 sets of entries in the
Services file for port 53 udp/tcp? Too much to learn, too little
time....
"Luke, Jason (ISS Southfield)" wrote:
>
> 'nameserver' is just Port 53 DNS queries in disguise. I believe your GUI
> client is on NT and it is resolving port 53 traffic to nameserver, which is
> listed in the WINNT/system32/drivers/etc/services file. I think if you
> comment out that entry it will go back to being domain-tcp and domain-udp in
> the logviewer.
>
> Jason
>
<SNIP>