Difference between revisions of "fw audit log parsing via CLI"

Revision as of 14:14, 21 August 2013

Log entries and field changes are separated by semicolons in the fw.adtlog file. It is very difficult to read, even with the smartview tracker. The command line below run on the SmartCenter or from a CMA environment will output the log file in an easy to read format to terminal.

parse

fw log -ln -s "Aug 19,2013 21:45:00" -e "Aug 20,2013 23:59:00" fw.adtlog | awk -F ";" '{for (i=1; i<=NF; i++) printf $i "\n"}'

19Aug2013 21:53:01 accept 192.168.1.1 <    ObjectName: test_group_object
 ObjectType: network_object_group
 ObjectTable: network_objects
 Operation: Modify Object
 Uid: {F7F0772C-0917-11E3-8A4F-ABB20701CFCF}
 Administrator: jsmith
 Machine: lab-mds
 FieldsChanges: test_group_object: added 'test_client'