Here is row syslog msg example:
"<164>May 25 2008 18:30:29: %PIX-4-106023: Deny udp src RET-inside:RETSEAP002V/137 dst RETREBRAND-AD:pobdc005/137 by access-group "RETREBRAND-AD_access_out" [0x0, 0x0]"
I want to track such connections: for example, in case when a customer need an access to some resource from inside to DMZ or...whatever. I can query on demand or just create a rule which will "make" incidents. Also, I have CSM plugged with MARS. But MARS tracks such events (syslog entries) as unresolved. Here what I mean: the SourceIP and DestinationIP showed as 0.0.0.0. Policy Table Lookup process becomes impossible - the CSM icon "Policy Query" (looks like crazy planet:) ) is not showed.
Is it possible to resolve this issue in next realises? During device discovery (analyzing config file) MARS can resolve such objects into real IP addresses (or at least resolveble domain naims) and tracks it correctly.