[Dshield] Differing Cisco PIX log format

Jason Baker jbaker at filonet.ca
Tue Mar 26 19:47:10 GMT 2002


Just wondering if anyone else has a PIX and sees the logging in a fairly 
different format than the pre-packaged dshield pix parser thinks it'll be...

My PIX is dumping the lines like this:

Mar 26 11:38:49 gateway %PIX-4-106023: Deny tcp src outside:aaa.aaa.aaa.aaa/60014 dst inside:bbb.bbb.bbb.bbb/113 by access-group "acl_out"

The parser is expecting (according to the samples in it):
# Dec 16 00:00:21 aaa.bbb.net %PIX-2-106007: Deny inbound UDP from 192.168.0.1/20854 to 10.253.83.126/53 due to DNS Query
# Dec 16 00:00:26 aaa.bbb.net %PIX-2-106001: Inbound TCP connection denied from 198.0.0.1/48236 to 10.0.0.1/25 flags SYN on interface outside

Before I munge together my own parser, I just wanted to see if anyone else 
already had, to avoid re-inventing the wheel.
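
A sketch of a parser that accepts the 106023 line quoted above alongside the two formats shown in the existing parser's samples, added here as an example; it is not part of the original post and not the DShield parser's code. The function name, field names and regular expressions are assumptions, and only lines that carry source and destination ports are handled.

```python
import re

# Addresses are matched loosely because the post masks them (aaa.aaa.aaa.aaa).
ADDR = r"[^\s/:]+"
HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"%PIX-(?P<sev>\d)-(?P<id>\d{6}): (?P<body>.*)$")
# One body pattern per message ID; names and regexes are this example's own.
BODY = {
    "106023": re.compile(  # format from the post, interface-prefixed addresses
        rf"Deny (?P<proto>\S+) src (?P<src_if>[^\s:]+):(?P<src>{ADDR})/(?P<sport>\d+) "
        rf"dst (?P<dst_if>[^\s:]+):(?P<dst>{ADDR})/(?P<dport>\d+)"
        rf'(?: by access-group "(?P<acl>[^"]*)")?'),
    "106007": re.compile(
        rf"Deny inbound (?P<proto>\S+) from (?P<src>{ADDR})/(?P<sport>\d+) "
        rf"to (?P<dst>{ADDR})/(?P<dport>\d+)"),
    "106001": re.compile(
        rf"Inbound (?P<proto>\S+) connection denied from (?P<src>{ADDR})/(?P<sport>\d+) "
        rf"to (?P<dst>{ADDR})/(?P<dport>\d+) flags (?P<flags>.+?) on interface (?P<iface>\S+)"),
}

def parse_pix(line):
    """Return normalized fields for a known deny line, else None."""
    head = HEADER.match(line.strip())
    if not head or head["id"] not in BODY:
        return None
    body = BODY[head["id"]].match(head["body"])
    if not body:
        return None  # known message ID, but body not in the expected shape
    rec = {"ts": head["ts"], "host": head["host"], "msg_id": head["id"]}
    rec.update({k: v for k, v in body.groupdict().items() if v is not None})
    rec["proto"] = rec["proto"].lower()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

# The three lines quoted in the post, each rejoined onto a single line.
SAMPLES = [
    'Mar 26 11:38:49 gateway %PIX-4-106023: Deny tcp src '
    'outside:aaa.aaa.aaa.aaa/60014 dst inside:bbb.bbb.bbb.bbb/113 by access-group "acl_out"',
    'Dec 16 00:00:21 aaa.bbb.net %PIX-2-106007: Deny inbound UDP from '
    '192.168.0.1/20854 to 10.253.83.126/53 due to DNS Query',
    'Dec 16 00:00:26 aaa.bbb.net %PIX-2-106001: Inbound TCP connection denied from '
    '198.0.0.1/48236 to 10.0.0.1/25 flags SYN on interface outside',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_pix(s))
```

Lines with an unrecognised message ID or body return None, so they can be counted and reviewed rather than silently dropped.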



