Until recently, we had a Netgear FVS318 firewall appliance with VPN capability. Of course, we wanted the firewall to log packets that hit certain filters. This could be done directly on the firewall, but that makes the log quite hard to read: there is no log rotation, only a web GUI for viewing the entries, and neither grep nor awk is available.
But! There was a config option where we could specify a syslog server. So, let's use this. This was the easy part.
It would be nice to know the syslog facility and level used by the Netgear firmware, in order to configure our syslog server properly. First place to look for such information: the manual, of course. But no useful hints there. Next: Google, of course. No useful information there either. Ok, then I started to snoop(1M) on the syslog server interface (of course, it's a Solaris machine), and inspected the incoming syslog packets. At least, there were packets coming in. No useful information about syslog facility or level, though. Ok, then let's do some "brute force" method: there are only a few syslog facilities, so I just configured one after the other with the info level until I saw entries in the corresponding logfile.
To make a long story short: a Netgear FVS318 firewall talks to the syslog server via user.info. So, in future, Google hopefully will return this blog entry to all of you who are faced with the same problem: collecting syslog data from a Netgear firewall appliance :-)
The entry in our syslog.conf(4):
# Firewall Logs
# Netgear FVS318
# (selector and action are separated by a TAB)
#
user.info	/var/adm/firewall.log
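The facility and level a device uses are carried in the <PRI> value at the start of each syslog datagram (facility * 8 + severity, per RFC 3164). The following is an added example, not part of the original post, that decodes that value from captured payloads and reports the matching syslog.conf selector; the sample payloads are constructed and the function names are assumptions.

```python
import re
from collections import Counter

# Facility keywords by code. Codes 9-15 are named differently across
# operating systems, so they are shown numerically here (assumption).
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
               "news", "uucp"]
              + ["facility%d" % n for n in range(9, 16)]
              + ["local%d" % n for n in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")  # RFC 3164: '<', 1-3 digits, '>'


def decode_pri(payload: bytes):
    """Return (facility, severity) from a syslog UDP payload, or None if no valid PRI."""
    m = PRI_RE.match(payload)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 23 * 8 + 7:  # largest defined value is local7.debug = 191
        return None
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]


def selector_for(payload: bytes):
    """syslog.conf selector (facility.level) that matches this message, or None."""
    decoded = decode_pri(payload)
    return None if decoded is None else "%s.%s" % decoded


def survey(payloads):
    """Count the selectors seen in a capture; payloads without a PRI count as 'no-pri'."""
    return Counter(selector_for(p) or "no-pri" for p in payloads)


# Constructed sample payloads (not captured from a real FVS318).
SAMPLES = [
    b"<14>constructed: packet dropped by filter rule",
    b"<14>constructed: packet dropped by filter rule",
    b"<134>constructed: message from another device",
    b"<11>constructed: error message",
    b"constructed: payload without a PRI field",
]

if __name__ == "__main__":
    for selector, count in survey(SAMPLES).most_common():
        print("%-12s %d" % (selector, count))
```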
BTW: the Netgear appliance was replaced a few weeks ago with a way more flexible Solaris 10 machine, running ipf(1M) as the firewall part and OpenVPN for terminating VPN sessions.