Nighthawk at 14:14, 21 August 2013

2013-08-21T14:14:48Z

Nighthawk: Created page with "Log entries and field changes are separated by semicolons in the fw.adtlog file. It is very difficult to read, even with the smartview tracker. The command line below run o..."

2013-08-21T14:14:14Z

Created page with "Log entries and field changes are separated by semicolons in the fw.adtlog file. It is very difficult to read, even with the smartview tracker. The command line below run o..."

New page

Log entries and field changes are separated by semicolons in the fw.adtlog file. It is very difficult to read, even
with the smartview tracker. The command line below run on the SmartCenter or from a CMA environment will output the log file in an easy to read format to terminal.

parse
fw log -ln -s "Aug 19,2013 21:45:00" -e "Aug 20,2013 23:59:00" fw.adtlog | awk -F ";" '{for (i=1; i<=NF; i++) printf $i "\n"}'

19Aug2013 21:53:01 accept 192.168.1.1 < ObjectName: test_group_object
ObjectType: network_object_group
ObjectTable: network_objects
Operation: Modify Object
Uid: {F7F0772C-0917-11E3-8A4F-ABB20701CFCF}
Administrator: jsmith
Machine: lab-mds
FieldsChanges: test_group_object: added 'test_client'

[[category:logging]]

@@ Line 3: / Line 3: @@
 parse
-  fw log -ln -s "Aug 19,2013 21:45:00" -e "Aug 20,2013 23:59:00" fw.adtlog | awk -F ";" '{for (i=1; i<=NF; i++) printf $i "\n"}'
+  # fw log -ln -s "Aug 19,2013 21:45:00" -e "Aug 20,2013 23:59:00" fw.adtlog | awk -F ";" '{for (i=1; i<=NF; i++) printf $i "\n"}'
 Aug2013 21:53:01 accept 192.168.1.1 <    ObjectName: test_group_object

fw audit log parsing via CLI - Revision history

Nighthawk at 14:14, 21 August 2013

Nighthawk: Created page with "Log entries and field changes are separated by semicolons in the fw.adtlog file. It is very difficult to read, even with the smartview tracker. The command line below run o..."