unsupported PIX record types in pix2dlf (was: Re: Error messages with Cisco PIX logs)
Joost van Baal
joostvb at logreport.org
Wed Mar 26 12:33:32 CET 2003
Hi Roberto,
On Wed, Mar 26, 2003 at 09:18:29AM +0100, roberto.dalzilio at sistemi.com wrote:
>
> When I start Lire to process a Cisco PIX log file, it shows these
> messages many times. Why? However, Lire creates the report anyway.
>
>
> all pix lr_tag-20030324112518-22208 pix2dlf warning skipped unknown PIX
> record: Mar 20 23:14:04 pix.sisteminet.it Mar 21 2003 00:13:44:
> %PIX-4-500004: Invalid transport field for protocol=6, from
> 65.239.145.178/0 to 194.185.106.178/1080
> all pix lr_tag-20030324112518-22208 pix2dlf warning please mail
> development at logreport.org if you'd like PIX messages of type 500004 to be
> supported in future releases. of course, supplying a patch will
> drastically speed up development!
The quoted line from your PIX log file was skipped. No information
from this line has been used to generate the report. However,
some information might have been useful. Therefore, it might better
have been used and represented in the firewall DLF file.
In pix2dlf(1), you can read:

    For now, only messages

      %PIX-2-106001 %PIX-2-106002 %PIX-2-106006 %PIX-2-106007
      %PIX-3-106010 %PIX-3-106014 %PIX-6-106015 %PIX-1-106021
      %PIX-4-106023 %PIX-6-302002 %PIX-6-302006 %PIX-6-302014
      %PIX-6-302016

    are used.
There are more PIX message types. Patches are welcome, as the Lire
message says. (Be warned: Cisco PIX logs are a major PITA. Annoying
incompatibilities among different PIX versions, too... :( )
Bye,
Joost
--
. . http://logreport.com/
| '.| /^LogReport$/
| Lire http://logreport.org/
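
The skipping described in this message can be measured before a report is trusted. The following is an added example, not part of the original e-mail and not Lire's code: it counts how many PIX records fall outside the message IDs listed in the pix2dlf(1) excerpt and pulls the fields out of a 500004 record. The function names, the 500004 pattern (shaped after the single warning quoted above) and all sample lines except the first are assumptions made for illustration.

```python
import re
from collections import Counter

# Message IDs listed in the pix2dlf(1) excerpt quoted in the message above.
SUPPORTED = set(
    "106001 106002 106006 106007 106010 106014 106015 "
    "106021 106023 302002 302006 302014 302016".split()
)
# %PIX-<severity>-<message id>: <text>
PIX_TAG = re.compile(r"%PIX-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)")
# Assumed 500004 body layout, taken from the one warning quoted above.
MSG_500004 = re.compile(
    r"Invalid transport field for protocol=(?P<proto>\d+), "
    r"from (?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+)"
)

def triage(lines):
    """Return (supported count, Counter of unsupported IDs, untagged lines)."""
    supported, unsupported, untagged = 0, Counter(), []
    for line in lines:
        m = PIX_TAG.search(line)
        if m is None:
            untagged.append(line)          # no %PIX tag at all
        elif m.group("id") in SUPPORTED:
            supported += 1                 # would reach the firewall DLF
        else:
            unsupported[m.group("id")] += 1  # skipped, absent from the report
    return supported, unsupported, untagged

def parse_500004(line):
    """Return the fields of a 500004 record as strings, or None."""
    tag = PIX_TAG.search(line)
    if tag is None or tag.group("id") != "500004":
        return None
    body = MSG_500004.match(tag.group("text"))
    return body.groupdict() if body else None

# First line is the record from the warning above; the rest are constructed.
SAMPLE = [
    "Mar 20 23:14:04 pix.sisteminet.it Mar 21 2003 00:13:44: %PIX-4-500004: Invalid transport field for protocol=6, from 65.239.145.178/0 to 194.185.106.178/1080",
    "Mar 20 23:14:05 pix.example.test %PIX-4-106023: constructed body text",
    "Mar 20 23:14:06 pix.example.test %PIX-4-500004: Invalid transport field for protocol=6, from 192.0.2.7/0 to 198.51.100.9/1080",
    "Mar 20 23:14:07 pix.example.test last message repeated 2 times",
]

if __name__ == "__main__":
    ok, skipped, untagged = triage(SAMPLE)
    print(ok, dict(skipped), len(untagged))
```

A high count for one unsupported ID shows which record type the report is missing and which one a patch would need to cover.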