October 20, 2005

Anyone have an RFC doc for WELF format?

Thought I would try seeing if I could get some blog community involvement in trying to find documentation on what I believe is a logging format similar to WELF.

If anyone knows of the syslog format for Sonicwall's log events when set to "Default", could you please drop me a line at dana@vulscan.com? I wish to write a regular expression for the syslog events but notice it comes in various formats, and I need to get it parsing correctly.

I found a few references to the fact that the format is actually WELF, and that documentation is on the WebTrends website... but the document (welf3.doc) is no longer available.

If you happen to have a URL to the log format, please let me know.

Thanks!

Posted by SilverStr at October 20, 2005 03:48 PM
Comments

How's this?
http://binaries.it-faq.pl/windows/security_tools/SystemTools/WebTrends/Developers/LogStandard/

Posted by: Andrew at October 21, 2005 06:18 AM

To all my readers,

Thank you. Besides Andrew's public comment, I received 3 links via email, and 4 emails with the attached document! Thank you so much to you all.

I really appreciate it.

Posted by: Dana Epp at October 21, 2005 01:42 PM

As an update to this, a few things I would like to note.

1) Many thanks to Luigi for sending me an even newer version of the WELF format documentation than welf3.doc.

2) Many thanks to Joe and the gang over at Sonicwall who pointed out that the log format IS actually documented, but hard to find over at:

http://www.sonicwall.com/support/pdfs/SonicOS_Log_Event_Reference_Guide.pdf

Thanks again to all who were so helpful!

Posted by: Dana Epp at October 21, 2005 01:56 PM