Greetings all. Apologies for the dramatic headline but I'm in a bit of a time crunch.
I have a 4215 running 6.0(3)E1. The device is inline. Below is an event which triggered,
evIdsAlert: eventId=1184881408377311643 severity=low vendor=Cisco
time: 2007/09/24 15:11:25 2007/09/24 15:11:25 UTC
signature: description=Recognized content type id=12673 version=S149
sigDetails: Recognized content type
addr: locality=any a.a.a.a
addr: locality=any b.b.b.b
os: idSource=unknown relevance=relevant type=unknown
riskRatingValue: attackRelevanceRating=relevant targetValueRating=medium 50
I have an external application which pull this same event from the sensor using a query *like* the following,
wget --user foo --password hoo http://a.b.c.d/cgi-bin/event-server?events=evAlert
I'm able to pull most of the event information but not all. What I can't seem to get from query is the " deniedFlow: true" value. I'm seeing something like,
Notice the "deniedFlow: true" information missing between action.
Is my wget-ish query missing some arguments which is preventing me from pulling all the same information I can see from the CLI?
Thanks in advance.