> Hi,
> I've recently added a PIX 10k to our boundary and I was wondering if I
> config syslog so that both the PIX and my cisco routers log to the same
> file, can the cisco.pl script parse the combined file without barfing ?

It *should.*  When I was last working on the Cisco parser, several months
ago, I consolidated all our existing Cisco parsers into one cisco.pl parser.
There is a series of regexs that tries to match all the variations of Cisco
sample logs that we have collected.

So, try cisco.tar.gz from the Framework page.
(http://www.dshield.org/framework.html)   Let me know if it doesn't work for
you.    Preferably by sending me sample log lines for the lines that don't

Wayne Larmon
wlarmon at dshield.org

