Parsing a Firewall Log

Question asked by Renato Goncalves on Dec 27, 2017
Latest reply on Jan 18, 2018 by Renato Goncalves

Hello

I need to parse a firewall log, but every time I parse it NW doesn't give me any useful results.

This is the parser:

 

device="SFW" date=2017-01-01 time=13:36:34 timezone="WET" device_name="things" device_id=AA203100004445 log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information duration=300 fw_rule_id=02 policy_type=1 user_name="anonimo@sapo.pt" user_gp="utilizadores" iap=66 ips_policy_id=7 appfilter_policy_id=8 application="Secure Socket Layer Protocol" application_risk=10 application_technology="Network Protocol" application_category="Infrastructure" in_interface="" out_interface="WAN" src_mac=00: 0:00: 0:00: 0 src_ip=10.000.000.00 src_country_code=A1 dst_ip=200.00.000.111 dst_country_code=USA protocol="TCP" src_port=12345 dst_port=123 sent_pkts=66  recv_pkts=66 sent_bytes=6666 recv_bytes=6666 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="LAN" srczone="LAN" dstzonetype="WAN" dstzone="WAN" dir_disp="" connevent="Stop" connid="2183694848" vconnid="" hb_health="No Heartbeat"

I'm using NW LPT1.0
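
The key=value layout of the event quoted above, tokenized in Python as an added example; it is not part of the original post and is not a NetWitness parser definition. The names `parse_event` and `missing_fields` are hypothetical, and the sample is shortened from the post's event. It shows the three cases a parser for this format has to handle: quoted values with spaces, empty values, and text that fits no key=value pair.

```python
import re

# Shortened from the event in the post; values are as the post shows them.
SAMPLE = ('device="SFW" date=2017-01-01 time=13:36:34 '
          'log_component="Firewall Rule" status="Allow" in_interface="" '
          'out_interface="WAN" src_mac=00: 0:00: 0:00: 0 src_ip=10.000.000.00 '
          'protocol="TCP" src_port=12345 dst_port=123 tran_src_ip= '
          'tran_src_port=0 connevent="Stop"')

# A key, then either a quoted value (may contain spaces, may be empty) or an
# unquoted run of non-space characters (may be empty, as in "tran_src_ip= ").
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_event(line):
    """Return (fields, leftovers) for one key=value event.

    leftovers holds any text between pairs that matched no key=value token,
    so data the tokenizer could not place is reported instead of dropped.
    """
    fields, leftovers, pos = {}, [], 0
    for m in PAIR.finditer(line):
        gap = line[pos:m.start()].strip()
        if gap:
            leftovers.append(gap)
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
        pos = m.end()
    tail = line[pos:].strip()
    if tail:
        leftovers.append(tail)
    return fields, leftovers


def missing_fields(fields, required):
    """Required keys that are absent or empty in a parsed event."""
    return [k for k in required if not fields.get(k)]


if __name__ == "__main__":
    parsed, rest = parse_event(SAMPLE)
    for key, value in parsed.items():
        print(f"{key:15} {value!r}")
    print("unparsed text:", rest)
    print("missing:", missing_fields(parsed, ["src_ip", "tran_src_ip", "user_name"]))
```

The `src_mac` value in the sample contains spaces without quotes, so only `00:` is captured and the rest is reported as unparsed text.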
