Format of system log

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
Osaki
  • Osaki
  • Posts: 4
  • Joined: Oct 13 05 5:46 pm

Format of system log

Oct 13 05 6:23 pm

I am using the Japanese version of a version 6.0.4 now.
I am troubled by the method of seeing the following system logs.
"C:\Program Files\WinGate\logs\System\System.log"

The following line will be displayed if a text editor opens this.
----------------
10/13/05 05:54:48 3opt2dN7fiIbWIUKAQAAAAYAAYAh8loA
kMxbDwoAAEUAAChX4wAAbQZX696KbdnTe34iG1iFCgAAAACSJGxuUBQAAHLZAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
----------------

How do you understand this?
Please teach me how to see this.
genie
  • genie
  • Posts: 1788
  • Joined: Sep 30 03 10:29 am

Oct 13 05 11:31 pm

This is Base64 encoding - if you have any base64 decoder (there are plenty around, open source and free) you can simply decode this string as a base64 flow.
adrien
  • adrien
  • Posts: 5448
  • Joined: Sep 03 03 2:54 pm
  • Location: Auckland
  • Website

Oct 14 05 9:23 am

PS

The reason it is base64 encoded is because we store the actual binary packet in here so we can decode it and display various fields in GateKeeper's firewall tab.

Since it contains binary data, which can contain NULLs, we encoded it. Normally these entries are not required to be read by humans.

Adrien
Osaki
  • Osaki
  • Posts: 4
  • Joined: Oct 13 05 5:46 pm

Oct 14 05 6:33 pm

I understood these things at last.
Although I tried decoding by Base64, it was an incomprehensible character string.

I was using the version 4.5.2 of a Japanese version before.
I was able to know the following information in the system log of the version.

* source ip address/port
* destination ip address/port
* network protocol
* The fire wall blocked communication.

Even if this upgraded to the version 6.0.4, I thought that I could know the same information by the system log.
Can I get the system log of the same contents as a version 4.5.2 by the version 6.0.4?
genie
  • genie
  • Posts: 1788
  • Joined: Sep 30 03 10:29 am

Oct 14 05 6:34 pm

6.0.4., as Adrien has mentioned, stores not only text, but binary information in the log files - that is why it should be encoded to prevent log file corruption.
Osaki
  • Osaki
  • Posts: 4
  • Joined: Oct 13 05 5:46 pm

Oct 14 05 8:29 pm

I was able to know why the system log file was encoded by the version 6.0.4.

I am decoding the log file by Base64 and acquired the binary information.
I evaluated the binary information every 8 bits, and I got to know that it was an IP packet.
I was able to know the contents of the unknown system log which was the original question.

I am thankful to Qbik staff.
adrien
  • adrien
  • Posts: 5448
  • Joined: Sep 03 03 2:54 pm
  • Location: Auckland
  • Website

Oct 14 05 11:49 pm

Hi

Are you writing a log file analyser?

Adrien
Osaki
  • Osaki
  • Posts: 4
  • Joined: Oct 13 05 5:46 pm

Oct 15 05 1:57 am

No, I am not writing a log file analyser.

I used a normal Base64 decoder for this problem, but I was not able to know contents of system log.
Therefore I made a Base64 decoder to convert into binary number and decimal number from your advice to know log information.
I knew that system log was an IP packet from the data which I converted.

Thanks.
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index