How to Change Meta in Event Reconstruction

Question asked by Renato Goncalves on Sep 27, 2018
Latest reply on Oct 2, 2018 by Eric Partington

Hello,

We recently saw a log with both ports, source and destination, and we noticed that the event reconstruction only shows one port:

Here's the log:

Sep 27 2018 10:58:45: %CHKPNT-6-050100: accept,100.07.200.106,inbound,bond50.1000,10.0.00.000,40020,83.240.149.119,443, ,tcp,42, , , , , , , , , , , , , , , , , , , , , , , ,27Sep2018 10:58:45,0,VPN-1 & FireWall-1,000.07.200.106,00023,10.3.205.7,0, , , ,https, , , , , , , , , , , , , , , , , , , , , , , ,051110, , , , , , , , ,74,1, , , , , ,{0CB00B0B-2000-40D3-B0C0-0020603010F0},BP0G0A000 FE, , ,

 

Now notice the Event Reconstruction:

I thought that maybe it was a problem with the parser... but I opened the RSA Log Parser Tool and tried it, putting a firewall log against the XML file for the model of our firewall, and I noticed that both ports are parsed.

Is there any way to change the meta that appears in Event Reconstruction? In that case I would choose to show both ports.
