
WebTrends Enhanced Log File Format (WELF) for UTM Features

UTM features support the WELF standard. The WELF Reference defines the WebTrends industry standard log file exchange format. Any system logging to this format is compatible with Firewall Suite 2.0 and later, Firewall Reporting Center 1.0 and later, and Security Reporting Center 2.0 and later.

WELF Overview

A WELF log file is made up of records, and each record occupies a single line of the file. Records are always in chronological order: the earliest record is the first record in the file, and the most recent record is the last. The WebTrends Enhanced Log Format places no restrictions on log file names or log file rotation policies.

Note: Each WELF record is made up of fields. The record identifier field (id=) must be the first field in a record. All other fields can appear in any order.

The following is a sample WELF record:

id=firewall time="2000-2-4 12:01:01" fw=192.168.0.238 pri=6 rule=3 proto=http src=192.168.0.23 dst=6.1.0.36 rg=www.webtrends.com/index.html op=GET result=0 rcvd=1426
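
A collector-side check of the rules stated above (one record per line, id= first, chronological order), as an added example that is not part of the original page and not Juniper or WebTrends code. The function names, the timestamp format string (inferred from the sample record), and the malformed sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed input: the sample record from this page joined onto one line,
# plus two malformed lines and one out-of-order record made up for the demo.
SAMPLE_LOG = [
    'id=firewall time="2000-2-4 12:01:01" fw=192.168.0.238 pri=6 rule=3 proto=http '
    'src=192.168.0.23 dst=6.1.0.36 rg=www.webtrends.com/index.html op=GET result=0 rcvd=1426',
    'time="2000-2-4 12:01:05" id=firewall fw=192.168.0.238 pri=6',   # id= not first
    'id=firewall time="2000-2-4 12:01:07 fw=192.168.0.238 pri=6',    # unterminated quote
    'id=firewall time="2000-2-4 11:59:00" fw=192.168.0.238 pri=6',   # earlier than record 1
]

# One field: name=value, where value is a double-quoted string or a run of non-spaces.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_record(line):
    """Parse one WELF record (one line) into a dict; raise ValueError if malformed."""
    line, fields, pos = line.strip(), {}, 0
    for m in FIELD.finditer(line):
        if line[pos:m.start()].strip():          # stray text between fields
            raise ValueError(f"unparseable text at column {pos}")
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
        pos = m.end()
    if line[pos:].strip():                       # stray text after the last field
        raise ValueError(f"unparseable text at column {pos}")
    if next(iter(fields), None) != "id":         # id= must be the first field
        raise ValueError("record identifier field (id=) is not first")
    return fields

def parse_log(lines):
    """Return (records, problems); problems are (line_number, reason) tuples."""
    records, problems, last = [], [], None
    for n, line in enumerate(lines, 1):
        try:
            rec = parse_record(line)
            ts = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S") if "time" in rec else None
        except ValueError as exc:
            problems.append((n, str(exc)))
            continue
        if ts and last and ts < last:            # records must be chronological
            problems.append((n, "timestamp earlier than previous record"))
        last = ts or last
        records.append(rec)
    return records, problems
```

Rejecting lines with stray text between fields, rather than skipping over it, keeps a truncated or tampered record from being silently accepted with some of its fields missing.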

The fields from the example WELF record include the following required elements (all other fields are optional):

CLI Configuration

  1. Using the set command, set the security log source IP address. You do this when you are exporting security logs.

    Note: The WELF logging messages must be saved to a dedicated WebTrends server.

    user@host# set security log source-address 1.2.3.4
  2. Next, set the name of the security log stream. In this case, the stream is named utm-welf.
    user@host# set security log source-address 1.2.3.4 stream utm-welf
  3. Next, set the format for the log messages. In this case, set it to welf.
    user@host# set security log source-address 1.2.3.4 stream utm-welf format welf
  4. Next, set the category of log messages that are sent. In this case, you want to send security messages. Selecting content-security here indicates UTM messages.
    user@host# set security log source-address 1.2.3.4 stream utm-welf format welf category content-security
  5. Next, set the severity level of log messages that are sent.
    user@host# set security log source-address 1.2.3.4 stream utm-welf format welf category content-security severity critical emergency
  6. Next, enter the host address of the dedicated WebTrends server to which the log messages are to be sent.
    user@host# set security log source-address 1.2.3.4 stream utm-welf format welf category content-security severity critical emergency host 5.6.7.8
  7. Your configuration takes effect when you commit your changes.
