[Dshield] Differing Cisco PIX log format

Jason Baker jbaker at filonet.ca
Tue Mar 26 19:47:10 GMT 2002

Just wondering if anyone else has a PIX and sees the logging in a fairly 
different format than the pre-packaged dshield pix parser thinks it'll be...

My PIX is dumping the lines like this:

Mar 26 11:38:49 gateway %PIX-4-106023: Deny tcp src outside:aaa.aaa.aaa.aaa/60014 dst inside:bbb.bbb.bbb.bbb/113 by access-group

The parser is expecting (according to the samples in it):
# Dec 16 00:00:21 aaa.bbb.net %PIX-2-106007: Deny inbound UDP from to due to DNS Query
# Dec 16 00:00:26 aaa.bbb.net %PIX-2-106001: Inbound TCP connection denied from to flags SYN on interface outside

Before I munge together my own parser, I just wanted to see if anyone else 
already had, to avoid re-inventing the wheel.
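
A parser for the 106023 layout quoted in the message above, as an added example that is not part of the original post and is not DShield's own parser. The function name `parse_106023`, the 192.0.2.x/198.51.100.x addresses and the ACL name `outside_in` are assumptions made for illustration; the access-group name is treated as optional because the line in the post ends right after "by access-group".

```python
import re

# Layout taken from the line quoted in the post:
#   <timestamp> <host> %PIX-<sev>-106023: Deny <proto>
#       src <if>:<addr>/<port> dst <if>:<addr>/<port> by access-group [name]
# Addresses are matched loosely so masked values such as aaa.aaa.aaa.aaa parse.
PIX_106023 = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+'
    r'(?P<host>\S+)\s+%PIX-(?P<sev>\d)-106023:\s+'
    r'Deny\s+(?P<proto>\S+)\s+'
    r'src\s+(?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+)\s+'
    r'dst\s+(?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+)'
    r'(?:\s+by\s+access-group(?:\s+"?(?P<acl>[^"\s]+)"?)?)?\s*$'
)


def parse_106023(line):
    """Return a dict of fields for a 106023 deny line, or None if the
    line is some other message (e.g. the 106001/106007 layouts)."""
    m = PIX_106023.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec['sev'] = int(rec['sev'])
    rec['src_port'] = int(rec['src_port'])
    rec['dst_port'] = int(rec['dst_port'])
    rec['proto'] = rec['proto'].lower()
    return rec


# First and third lines are quoted from the post; the second is constructed.
SAMPLES = [
    'Mar 26 11:38:49 gateway %PIX-4-106023: Deny tcp src '
    'outside:aaa.aaa.aaa.aaa/60014 dst inside:bbb.bbb.bbb.bbb/113 by access-group',
    'Mar 26 11:40:02 gateway %PIX-4-106023: Deny udp src '
    'outside:192.0.2.10/4242 dst inside:198.51.100.7/137 by access-group "outside_in"',
    'Dec 16 00:00:26 aaa.bbb.net %PIX-2-106001: Inbound TCP connection denied '
    'from to flags SYN on interface outside',
]

if __name__ == '__main__':
    for sample in SAMPLES:
        print(parse_106023(sample))
```
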
