Wednesday, April 9, 2008

ZyAgent development

There have been few updates here for a while. This has been due to inconsistency in the Zywall log format. There is an inconsistency between the internal log format, syslog and that of the old ZyNOS-based Zywalls. I requested a change to make this more consistent in the beta forum; this would make life easier for anyone providing third-party software. It's hard to believe that this would not benefit the developers of Vantage CNM/VRPT as well. It seems they have been working around all the strange things/inconsistencies, and "big" changes are needed to handle the cleanup right. As such, these fixes are scheduled for ZLD 2.12.

I will need to consider how to continue the development of ZyAgent based on this information.

wbr
Ted

Sunday, February 17, 2008

Zywall USG200

As I mentioned before, the Zywall USG 200 is now in beta. It has the size of the Zywall 5/35 and is fanless. I've included some pictures and screenshots below, enjoy. I know the pictures are not great, but I'm not much of a photographer.









wbr
Ted

Wednesday, February 6, 2008

One more..

I just want to assure everyone that I did not intend this blog to be "a bug a day" blog. It just so happens that I found some while working with ZyAgent. I'm putting it here since I have no intention of making any workarounds in ZyAgent. So if it's not working, you know why.

Why am I not adding a workaround? Well, it would require more changes to my code and I'd rather keep it the way it is. Besides, I expect Zywall RD will fix this since.

This time it's the category for things like signature updates that is wrong. In the Zywall internal log it's "myZyXEL.com", while in the syslog string it shows up as cat="Myzyxel Dot Com".

As always, the bug has been reported to Zyxel.

wbr
Ted

Monday, February 4, 2008

New bug (USG300)

I finally got around to registering my Zywall USG 300 and activating the Anti-virus and IDP. To see that the service was in fact running, I visited the Eicar site. I was very disappointed to see that there was no reaction from ZyAgent.

Checking the internal log in the Zywall revealed that the event had in fact been handled.


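| # | Time | Priority | Category | Message | Source | Destination | Note |
|---|------|----------|----------|---------|--------|-------------|------|
| 1 | 2008-02-04 00:29:57 | warn | Anti-Virus | HTTP Virus infected - ID:2053,EICAR-Test-File,anti_virus_test_file.htm. | xxx.xxx.xxx.xxx:80 | xxx.xxx.xxx.xxx:4093 | FILE DESTROY |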


This reminded me of the situation with my last post, where the logging was inconsistent. So I checked the syslog string that was sent from the Zywall.


<140>Feb 4 00:32:18 zywall-usg-300 src="xxx.xxx.xxx.xxx:80" dst="xxx.xxx.xxx.xxx:4123" msg="HTTP Virus infected - ID:2053,EICAR-Test-File,anti_virus_test_file.htm." note="FILE DESTROY" user="unknown" devID="xxxxxxxxxxxxx" cat="Anti Virus"


Once again we see there is a mismatch with the categories. It was tested with both the last available beta firmware and the last FCS firmware. Both had the same problem.

The problem has been reported to the beta team; there has been no feedback yet. Due to Chinese New Year, I don't think there will be any feedback for at least a week.

I had a chance to look at the new USG 200 today, and it looked very nice. It is fanless, so it might be a better option than the USG 300 as a home device. The new 2.1 firmware has some nice improvements to make life easier. I might post some screenshots and pictures if I get around to it.

wbr
Ted

Thursday, January 24, 2008

First bug report

Jan Inge reported a possible bug in the new ZyAgent beta. When logging in on the Zywall USG 300, ZyAgent does not report this. When we look at the log in the Zywall USG 300


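| # | Time | Priority | Category | Message | Source | Destination | Note |
|---|------|----------|----------|---------|--------|-------------|------|
| 1 | 2008-01-24 22:25:06 | notice | User | Administrator admin from http/https has logged in ZyWALL | xxx.xxx.xxx.xxx | xxx.xxx.xxx.xxx | Account: admin |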


we see that the category is "User". If we compare this to the syslog message sent by the Zywall USG 300


<141>Jan 24 22:25:06 zywall-usg-300 src="xxx.xxx.xxx.xxx:0" dst="xxx.xxx.xxx.xxx:0" msg="Administrator admin from http/https has logged in ZyWALL" note="Account: admin" user="admin" devID="xxxxxxxxxxxxx" cat="Login"


we see that the category is reported as "Login". There is no "Login" in the log setup in the Zywall, and since it does not match the internal log in the Zywall, it's clear that it's a bug.
The bug has been reported to the Zywall team and they have promised it will be fixed.

wbr
Ted
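The category mismatches reported in the three posts above cause a monitoring agent that filters on the internal-log category names to silently miss login and anti-virus events. The following is an added example, not part of the original blog or of ZyAgent: a Python parser for the ZLD syslog lines quoted above that decodes the `<PRI>` value and maps the three reported `cat=` strings back to the internal-log names. The function name, the mapping table layout and the severity labels other than "warn" and "notice" are assumptions.

```python
import re

# Syslog cat= value -> internal-log category: the three mismatches the posts
# report. Any other category passes through unchanged.
CATEGORY_MAP = {
    "Login": "User",
    "Anti Virus": "Anti-Virus",
    "Myzyxel Dot Com": "myZyXEL.com",
}
# Labels indexed by syslog severity; "warn"/"notice" follow the internal log
# shown in the posts, the other labels are assumed abbreviations.
SEVERITIES = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]
HEADER = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")
PAIR = re.compile(r'(\w+)="([^"]*)"')

# The two syslog lines quoted in the posts (addresses masked by the author).
SAMPLES = [
    '<140>Feb 4 00:32:18 zywall-usg-300 src="xxx.xxx.xxx.xxx:80" dst="xxx.xxx.xxx.xxx:4123" '
    'msg="HTTP Virus infected - ID:2053,EICAR-Test-File,anti_virus_test_file.htm." '
    'note="FILE DESTROY" user="unknown" devID="xxxxxxxxxxxxx" cat="Anti Virus"',
    '<141>Jan 24 22:25:06 zywall-usg-300 src="xxx.xxx.xxx.xxx:0" dst="xxx.xxx.xxx.xxx:0" '
    'msg="Administrator admin from http/https has logged in ZyWALL" '
    'note="Account: admin" user="admin" devID="xxxxxxxxxxxxx" cat="Login"',
]


def parse_zld_syslog(line):
    """Parse one ZLD syslog line into a dict; raise ValueError if malformed."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not a ZLD syslog line: %r" % line[:40])
    pri = int(m.group(1))
    if pri > 191:  # PRI = facility * 8 + severity, facility 0..23
        raise ValueError("PRI out of range: %d" % pri)
    fields = dict(PAIR.findall(m.group(4)))
    if "cat" not in fields:
        raise ValueError("missing cat= field")
    raw_cat = fields["cat"]
    return {
        "facility": pri >> 3,
        "priority": SEVERITIES[pri & 7],
        "time": m.group(2),
        "host": m.group(3),
        "category": CATEGORY_MAP.get(raw_cat, raw_cat),
        "raw_category": raw_cat,  # kept so a remapped event stays auditable
        "message": fields.get("msg", ""),
        "note": fields.get("note", ""),
    }
```

Decoding `<140>` and `<141>` gives severities 4 and 5, which line up with the "warn" and "notice" priorities in the internal log tables.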

Monday, January 21, 2008

First post and ZyAgent beta.

Hi all,
This is the first post for my ZyAgent blog. I decided to try Blogspot to have an easy way of keeping everyone up to date with the ZyAgent development.

I know the development has been pretty slow for a while now, but other commitments had to be prioritized.

I have made an update to ZyAgent that will allow it to be used with Zywall USG. It should now be able to handle both ZyNOS and ZLD log formats. The only change that is visible to the user can be found on the option page, as seen below.

 

The beta is public; feel free to report problems or any kind of feedback.
It can be downloaded here.
ZyAgent 1.2 beta 1

Updates/changes
Adding ZLD support
Adding right click for select/deselect all to categories

For more info on ZyAgent check ZyAgent website

wbr
Ted