metron-issues mailing list archives

From "James Sirota (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (METRON-182) Create Checkpoint Firewall parser
Date Thu, 02 Jun 2016 05:38:59 GMT

     [ https://issues.apache.org/jira/browse/METRON-182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Sirota updated METRON-182:
--------------------------------
    Assignee: Casey Stella

> Create Checkpoint Firewall parser
> ---------------------------------
>
>                 Key: METRON-182
>                 URL: https://issues.apache.org/jira/browse/METRON-182
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: Sunny Kumar
>            Assignee: Casey Stella
>            Priority: Minor
>              Labels: ParserExtension
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> Parse checkpoint firewall logs. The format is as below:
> Apr 03 10:39:08 [10.255.255.255] Apr 03 2016 10:39:07: %CHKPNT-1-080080: Origin=tattoine_rey3,Application=Unknown,Operation="Log In",Subject="Administrator Login",Audit Status=Failure,Info="Administrator failed to log in: No SIC error message",Operation Number=11,client_ip=10.255.255.255,
> -------------------------------
> {"subject":"\"Administrator Login\"","timestamp2":"Apr 03 2016 10:39:07","origin":"tattoine_rey3","ipAddress":"10.255.255.255","audit_status":"Failure","source.type":"checkpointfirewall","original_string":"Apr 03 10:39:08 [10.255.255.255] Apr 03 2016 10:39:07: %CHKPNT-1-080080: Origin=tattoine_rey3,Application=Unknown,Operation=\"Log In\",Subject=\"Administrator Login\",Audit Status=Failure,Info=\"Administrator failed to log in: No SIC error message\",Operation Number=11,client_ip=10.255.255.255,","application":"Unknown","client_ip":"10.255.255.255","operation_number":"11","operation":"\"Log In\"","timestamp":1459679948000,"info":"\"Administrator failed to log in: No SIC error message\""}
> ###################
> Apr 03 10:39:19 [10.255.255.255] Apr 03 2016 10:39:19: %CHKPNT-6-021050: keyinst, tattoine_rey3, inbound, daemon, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,  3Apr2016 10:39:19, 0, VPN-1 & FireWall-1, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , 021050, , , , , , , , , , , , , ,
> -------------------------------
> {"timestamp2":"Apr 03 2016 10:39:19","interfaceDirection":"inbound","original_string":"Apr 03 10:39:19 [10.255.255.255] Apr 03 2016 10:39:19: %CHKPNT-6-021050: keyinst, tattoine_rey3, inbound, daemon, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,  3Apr2016 10:39:19, 0, VPN-1 & FireWall-1, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , 021050, , , , , , , , , , , , , ,","action":"keyinst","ipAddress":"10.255.255.255","eventDate":"3Apr2016 10:39:19","tbd54":"021050","origin":"tattoine_rey3","eventSource":"VPN-1 & FireWall-1","interfaceName":"daemon","timestamp":1459679959000,"tbd22":"0","source.type":"checkpointfirewall"}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
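
Added example, not part of the original message and not Metron's parser code: a Python sketch of the key=value variant from the ticket, producing the same field names as the ticket's first expected JSON record. The function name, the regexes, taking the year from the device timestamp, and treating times as UTC are assumptions made here; the positional comma-separated variant is rejected rather than parsed.

```python
import re
from datetime import datetime, timezone

# Constructed: the ticket's first sample, rejoined onto one logical line.
SAMPLE = ('Apr 03 10:39:08 [10.255.255.255] Apr 03 2016 10:39:07: '
          '%CHKPNT-1-080080: Origin=tattoine_rey3,Application=Unknown,'
          'Operation="Log In",Subject="Administrator Login",'
          'Audit Status=Failure,Info="Administrator failed to log in: '
          'No SIC error message",Operation Number=11,client_ip=10.255.255.255,')

# Envelope: syslog time, [reporting IP], device time with year, message tag.
HEADER = re.compile(
    r'^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \[(?P<ip>[^\]]+)\] '
    r'(?P<ts2>\w{3} \d{2} (?P<year>\d{4}) \d{2}:\d{2}:\d{2}): '
    r'%CHKPNT-\d+-\d+: (?P<body>.*)$')
# One pair: the value is a quoted string (may contain commas) or runs to the next comma.
PAIR = re.compile(r'\s*([^=,]+)=("(?:[^"\\]|\\.)*"|[^,]*)(?:,|$)')

def parse_checkpoint_kv(line):
    """Parse one key=value %CHKPNT line into the flat record shown in the ticket."""
    line = line.strip()
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not a %CHKPNT syslog line")
    record, body, pos = {}, m.group('body'), 0
    while pos < len(body):
        pair = PAIR.match(body, pos)
        if pair is None:  # also rejects the positional (comma-only) variant
            raise ValueError(f"malformed key=value pair at offset {pos}")
        # "Audit Status" -> "audit_status"; quotes are kept, as in the ticket's output
        record[pair.group(1).strip().lower().replace(' ', '_')] = pair.group(2)
        pos = pair.end()
    # Assumption: the year is taken from the device timestamp and times are UTC.
    when = datetime.strptime(f"{m.group('year')} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    # Envelope fields are written last so a key named "timestamp" or
    # "original_string" inside the log body cannot overwrite them.
    record.update({
        "timestamp": int(when.replace(tzinfo=timezone.utc).timestamp() * 1000),
        "timestamp2": m.group('ts2'),
        "ipAddress": m.group('ip'),
        "original_string": line,
        "source.type": "checkpointfirewall",
    })
    return record

if __name__ == "__main__":
    print(parse_checkpoint_kv(SAMPLE))
```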
