I need to pull the data from two fields in a packet (username and IP address) and send the information to a firewall we have for it to create a dynamic rule.
What would be the best way to accomplish this?
I have considered forwarding the event with the packet to an external script server that would then have to do all of the work of parsing the packet and sending the info to the firewall.
However, I am wondering if the ESM has the capability to send the information directly to the firewall?
Thanks for any help in advance.
I don't believe there's a method to send the info you're looking for directly to the firewall. However, we can send the fields you need to a script of your design, which can then take care of forwarding the info to the firewall as appropriate. To accomplish this:
If you have other fields you'd like to send to your script, you'll find them all in a popup menu underneath the green arrow icon.
Any way to create a log when the command executes? I see in the alarm that the action is logged, but the data is not getting to the ePO server. My example is different than above, but this is my command string. I have tried a pipe to a log file with no luck.
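A sketch of the receiving script described in the answer above, written so that it keeps its own log file instead of relying on redirection in the command string. This is an added example, not code from the thread or from the vendor; the argument order, the log path, the username pattern and the firewall payload fields are all assumptions.

```python
#!/usr/bin/env python3
"""Receive a username and IP as arguments, validate them, log, build a firewall request."""
import ipaddress
import logging
import re
import sys

# Assumption: usernames use only these characters (backslash allows DOMAIN\user).
USERNAME_RE = re.compile(r"[A-Za-z0-9._@\\-]{1,64}")

def validate(username, ip_text):
    """Return (username, normalized_ip) or raise ValueError.
    Both values come from packet data, so they are treated as untrusted."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected")
    ip = ipaddress.ip_address(ip_text)  # ValueError for anything that is not one address
    if ip.is_loopback or ip.is_multicast or ip.is_unspecified:
        raise ValueError("address not eligible for a rule")
    return username, str(ip)

def build_rule_request(username, ip):
    """Hypothetical payload; the real field names depend on the firewall's API."""
    return {"action": "add_dynamic_rule", "user": username, "address": ip}

def main(argv, log_path="esm_fw_action.log"):
    logging.basicConfig(filename=log_path, level=logging.INFO,
                        format="%(asctime)s %(levelname)s %(message)s")
    if len(argv) != 3:
        logging.error("expected 2 arguments, got %d", len(argv) - 1)
        return 2
    try:
        user, ip = validate(argv[1], argv[2])
    except ValueError as exc:
        # %r escapes control characters, so a crafted value cannot forge log lines.
        logging.warning("rejected input %r %r: %s", argv[1], argv[2], exc)
        return 1
    request = build_rule_request(user, ip)
    logging.info("validated, request built: %s", request)
    # Sending is left out on purpose: call your firewall's API with `request` here.
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Every invocation leaves a line in the log, including rejected or malformed ones, which shows whether the command ran at all and what arguments it actually received.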