I am trying to develop a script which will list events based on certain conditions. For this I need to know about all the attributes in the logs.
Below is a sample log,
05-12-2007 23:57:28 192.x.x.x local7.warn 2069294: 2080360: May 12 2007 23:56:48.813 CDT: %IPS-4-SIGNATURE: Sig:3109 Subsig:0 Sev:75 [<SRC IP>:<SRC_PORT> -> <Destination IP>:<DST_PORT>] RiskRating:56
Following are the attributes which I am unable to determine,
192.x.x.x - ip of the device ?
SEV:75 - severity ? then what is "4" in %IPS-4 ? what is the range for this ?
what is RiskRating:56 ?
Thanks in advance.
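A parser for this line format, added here as an example (it is not the poster's script). It splits each line into the collector's fields (collector timestamp, the address the collector saw, facility.level, the two counters), the device's own timestamp, the Cisco IOS message header `%FACILITY-SEVERITY-MNEMONIC` (whose severity digit is the standard syslog 0-7 scale), and, for `%IPS-4-SIGNATURE` messages, the `Sig`, `Subsig`, `Sev`, endpoint and `RiskRating` fields. The sample lines are constructed with RFC 5737 documentation addresses; the two counters are only assumed to be sequence numbers, and `Sev`/`RiskRating` are extracted as integers without interpreting their scale, so the filter below can be tuned once those are understood.

```python
import re
from typing import Iterable, List, Optional

# Constructed sample lines in the same shape as the post's log (not real traffic).
SAMPLE_LOG = """\
05-12-2007 23:57:28 192.0.2.1 local7.warn 2069294: 2080360: May 12 2007 23:56:48.813 CDT: %IPS-4-SIGNATURE: Sig:3109 Subsig:0 Sev:75 [198.51.100.7:41022 -> 203.0.113.10:80] RiskRating:56
05-12-2007 23:57:29 192.0.2.1 local7.warn 2069295: 2080361: May 12 2007 23:56:49.101 CDT: %IPS-4-SIGNATURE: Sig:2004 Subsig:0 Sev:25 [198.51.100.8:3344 -> 203.0.113.10:22] RiskRating:18
05-12-2007 23:57:30 192.0.2.1 local7.notice 2069296: 2080362: May 12 2007 23:56:50.000 CDT: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

# Severity digit in the Cisco IOS "%FACILITY-SEVERITY-MNEMONIC" header: standard syslog levels 0-7.
IOS_SEVERITY = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
                4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}

LINE_RE = re.compile(r"""
    ^(?P<recv_date>\d{2}-\d{2}-\d{4})\s+(?P<recv_time>\d{2}:\d{2}:\d{2})\s+   # collector timestamp
    (?P<source_ip>\S+)\s+                                                      # address the collector received from
    (?P<facility>[a-z0-9]+)\.(?P<level>[a-z]+)\s+                              # syslog facility.level
    (?P<seq_a>\d+):\s+(?P<seq_b>\d+):\s+                                       # two counters (assumed sequence numbers)
    (?P<device_ts>.+?):\s+                                                     # device's own timestamp, e.g. "May 12 2007 23:56:48.813 CDT"
    %(?P<ios_facility>[A-Z0-9_]+)-(?P<ios_severity>\d)-(?P<mnemonic>[A-Z0-9_]+):\s+
    (?P<text>.*)$
""", re.VERBOSE)

# Body of an IPS SIGNATURE message: signature id, sub-id, signature severity, endpoints, risk rating.
SIG_RE = re.compile(
    r"Sig:(?P<sig>\d+)\s+Subsig:(?P<subsig>\d+)\s+Sev:(?P<sig_sev>\d+)\s+"
    r"\[(?P<src_ip>[^:\]]+):(?P<src_port>\d+)\s+->\s+(?P<dst_ip>[^:\]]+):(?P<dst_port>\d+)\]\s+"
    r"RiskRating:(?P<risk>\d+)"
)


def parse_line(line: str) -> Optional[dict]:
    """Return a dict of fields for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    for key in ("seq_a", "seq_b", "ios_severity"):
        ev[key] = int(ev[key])
    ev["ios_severity_name"] = IOS_SEVERITY.get(ev["ios_severity"], "unknown")
    if ev["mnemonic"] == "SIGNATURE":
        s = SIG_RE.search(ev["text"])
        if s:
            for key, val in s.groupdict().items():
                ev[key] = val if key in ("src_ip", "dst_ip") else int(val)
    return ev


def parse_log(text: str) -> List[dict]:
    """Parse every line of a log text, skipping lines that do not match."""
    return [ev for ev in (parse_line(ln) for ln in text.splitlines()) if ev]


def select_events(events: Iterable[dict], min_risk: int = 0,
                  max_ios_severity: int = 7, mnemonic: Optional[str] = None) -> List[dict]:
    """List events meeting the given conditions (the 'list events based on conditions' step)."""
    out = []
    for ev in events:
        if mnemonic is not None and ev["mnemonic"] != mnemonic:
            continue
        if ev["ios_severity"] > max_ios_severity:
            continue
        # Non-signature events carry no RiskRating; treat them as risk 0.
        if ev.get("risk", 0) < min_risk:
            continue
        out.append(ev)
    return out


if __name__ == "__main__":
    for ev in select_events(parse_log(SAMPLE_LOG), min_risk=50):
        print(f"{ev['device_ts']} {ev['source_ip']} %{ev['ios_facility']}-{ev['ios_severity']}"
              f"({ev['ios_severity_name']}) Sig:{ev['sig']} Sev:{ev['sig_sev']} "
              f"{ev['src_ip']}:{ev['src_port']} -> {ev['dst_ip']}:{ev['dst_port']} Risk:{ev['risk']}")
```

Running the block prints only the constructed event with `RiskRating:56`; `select_events` takes separate thresholds for the IOS header severity (0-7) and the signature's `RiskRating`, so the two scales are never compared against each other.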