[Dshield] Differing Cisco PIX log format
jbaker at filonet.ca
Tue Mar 26 19:47:10 GMT 2002
Just wondering if anyone else has a PIX and sees the logging in a fairly
different format than the pre-packaged dshield pix parser thinks it'll be...
My PIX is dumping the lines like this:

Mar 26 11:38:49 gateway %PIX-4-106023: Deny tcp src outside:aaa.aaa.aaa.aaa/60014 dst inside:bbb.bbb.bbb.bbb/113 by access-group

The parser is expecting (according to the samples in it):

# Dec 16 00:00:21 aaa.bbb.net %PIX-2-106007: Deny inbound UDP from 192.168.0.1/20854 to 10.253.83.126/53 due to DNS Query
# Dec 16 00:00:26 aaa.bbb.net %PIX-2-106001: Inbound TCP connection denied 18.104.22.168/48236 to 10.0.0.1/25 flags SYN on interface outside

Before I munge together my own parser, I just wanted to see if anyone else
already had, to avoid re-inventing the wheel.
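
One way to normalize all three message formats quoted above in a single parser (an added example, not part of the original post and not the DShield parser's own code). The sample lines are constructed from the formats in the post using documentation addresses; the function name, field names, access-group name and the unrecognized message ID are assumptions.

```python
import re

# Shared syslog prefix: "Mar 26 11:38:49 gateway %PIX-4-106023: "
PREFIX = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) %PIX-\d-(?P<msgid>\d+): "

def addr(name):
    # address/port pair; \w also accepts masked addresses like aaa.aaa.aaa.aaa
    return rf"(?P<{name}>[\w.]+)/(?P<{name}port>\d+)"

# One body pattern per message ID shown in the post.
BODIES = {
    # Deny tcp src outside:A/P dst inside:B/P by access-group ...
    "106023": rf"Deny (?P<proto>\w+) src [^:\s]+:{addr('src')} dst [^:\s]+:{addr('dst')}",
    # Deny inbound UDP from A/P to B/P due to ...
    "106007": rf"Deny inbound (?P<proto>\w+) from {addr('src')} to {addr('dst')}",
    # Inbound TCP connection denied A/P to B/P flags ... ("from" tolerated if present)
    "106001": rf"Inbound (?P<proto>\w+) connection denied (?:from )?{addr('src')} to {addr('dst')}",
}
PATTERNS = {mid: re.compile(PREFIX + body) for mid, body in BODIES.items()}

def parse_pix(line):
    """Return a normalized record for a recognized deny line, else None.

    Returning None (instead of raising or guessing) lets the caller count
    unparsed lines, so a format change shows up rather than passing silently.
    """
    head = re.match(PREFIX, line)
    if not head or head.group("msgid") not in PATTERNS:
        return None
    m = PATTERNS[head.group("msgid")].match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["proto"] = rec["proto"].upper()   # "tcp" and "TCP" both appear in the logs
    rec["srcport"] = int(rec["srcport"])
    rec["dstport"] = int(rec["dstport"])
    return rec

# Constructed sample lines (unwrapped, one syslog message per line).
SAMPLES = [
    'Mar 26 11:38:49 gateway %PIX-4-106023: Deny tcp src outside:192.0.2.10/60014 dst inside:198.51.100.5/113 by access-group "acl_out"',
    'Dec 16 00:00:21 fw.example.net %PIX-2-106007: Deny inbound UDP from 192.0.2.20/20854 to 198.51.100.6/53 due to DNS Query',
    'Dec 16 00:00:26 fw.example.net %PIX-2-106001: Inbound TCP connection denied 192.0.2.30/48236 to 198.51.100.7/25 flags SYN on interface outside',
    'Dec 16 00:01:00 fw.example.net %PIX-6-999999: some other message',  # not a known ID
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_pix(s))
```

Lines wrapped by a mail client or log viewer have to be rejoined into one message per line before parsing.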