MonitorWare Knowledge Base

I am trying to parse a message from our firewall, my goal is be able to log the amount of ingoing/outgoing traffic depending on type/port. However, all the information I'm interested in is inside the Message body looking like this:

id=firewall time="2004-10-04 11:23:32" fw=10.68.12.79 pri=6 rule=ACCEPT proto=netbios-ns duration=2 sent=312 rcvd=0 src=10.68.12.15 dst=10.68.15.255 sessionid=5987 subid=0 status=OPEN srcport=137 dstport=137 logcateg=1

time, rule, proto, srcport,dstport are the variables I'd like to extract. In the next step I'd create a script that counts the different protocol types, but first I ofcourse need these variables extracted from the message body. Can I do this?

Hello,

MonitorWare Console is our analytical tool that provides about 8 or 9 different pix reports. Some of them are the same as what you are looking for. Here is the link to the PIX reports page of MonitorWare Console. If you like them, you can download the trial version of MonitorWare Console. Here is the link to the

pix reporting page


and here is the link to download current 2.1 beta version of MonitorWare Console.

http://www.adiscon.org/download/mwcon2.1b.exe

I hope this will help

Best Regards
Wajih
Adiscon