~ubuntu-branches/ubuntu/maverick/lire/maverick

<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>WebTrends Enhanced Log Format</title><meta name="generator" content="DocBook XSL Stylesheets V1.64.1"><link rel="home" href="index.html" title="Lire User's Manual"><link rel="up" href="ch10.html" title="Chapter�10.�Firewall Supported Log Formats"><link rel="previous" href="ch10s04.html" title="IPTables "><link rel="next" href="ch11.html" title="Chapter�11.�FTP Supported Log Formats"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">WebTrends Enhanced Log Format</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch10s04.html">Prev</a>�</td><th width="60%" align="center">Chapter�10.�Firewall Supported Log Formats</th><td width="20%" align="right">�<a accesskey="n" href="ch11.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2508156"></a>WebTrends Enhanced Log Format</h2></div></div><div></div></div><p>The WELF format is a format developed by WebTrends and

<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>WebTrends Enhanced Log Format</title><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"><link rel="start" href="index.html" title="Lire User's Manual"><link rel="up" href="ch10.html" title="Chapter�10.�Firewall Supported Log Formats"><link rel="prev" href="ch10s04.html" title="IPTables "><link rel="next" href="ch11.html" title="Chapter�11.�FTP Supported Log Formats"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">WebTrends Enhanced Log Format</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch10s04.html">Prev</a>�</td><th width="60%" align="center">Chapter�10.�Firewall Supported Log Formats</th><td width="20%" align="right">�<a accesskey="n" href="ch11.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2522456"></a>WebTrends Enhanced Log Format</h2></div></div></div><p>The WELF format is a format developed by WebTrends and

supported by many firewall vendors. Products can save log

files in that format directly or can log through

<span><b class="command">syslog</b></span>. Either native WELF log

files or <span><b class="command">syslog</b></span>'s log files contain

<span><strong class="command">syslog</strong></span>. Either native WELF log

files or <span><strong class="command">syslog</strong></span>'s log files contain

WELF information. Although the log format isn't designed

for packet filter firewalls (it can contain information

from devices that do network intrusion or proxy

services), <span class="application">Lire</span> does its best to map this information to

something that can be meaningful.

</p><div class="example"><a name="id2508234"></a><p class="title"><b>Example�10.5.�WELF Log Sample</b></p><pre class="programlisting">

</p><div class="example"><a name="id2522533"></a><p class="title"><b>Example�10.5.�WELF Log Sample</b></p><pre class="programlisting">

WTsyslog[1998-08-01 14:05:46 ip=10.0.0.1 pri=6] id=firewall \

time="1998-08-01 04:10:23" fw=WebTrendsSample pri=5 \

src=10.0.0.4 dst=10.0.0.8 sent=1194

</pre></div><p><span class="application">Lire</span> also supports some extension uses by

SonicWall.</p><div class="example"><a name="id2508255"></a><p class="title"><b>Example�10.6.�SonicWall Log Sample</b></p><pre class="programlisting">

SonicWall.</p><div class="example"><a name="id2522554"></a><p class="title"><b>Example�10.6.�SonicWall Log Sample</b></p><pre class="programlisting">

Jan 7 15:01:10 lire id=firewall sn=asdlFFFXSD \

time="2002-01-06 22:42:13" fw=10.0.0.1 pri=6 c=1 m=30 \

Older »