| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |

Hi everybody,

I am using Loggrabber (fellhauer-web.de/projects/fw1-loggrabber.html) to analyze my fw1-ng-fp3's logs (it works pretty well ;-)) but I have a problem with the name services. I would like to process the logs with the real port numbers rather than the name services.

For example, I have the following rule: ANY ANY SSH DROP LOG. SSH is a service defined in FW1 and in /etc/services. So if I want to have in my logs ANY ANY 22 instead of ANY ANY SSH, what can I do:

1) delete the FW1 service (but I can't write the rule then)
2) put #ssh 22/tcp in /etc/services
3) maybe change some configuration files in $FWDIR/conf (??)

Another example: I have a group of services like NBT which contains UDP port 137, UDP port 138 and TCP port 139. So in my logs, I'll see ANY ANY NBT but we don't know if it's UDP port 137, UDP port 138 and TCP port 139. So?

Thanks a lot.

Laurent