PIX Syslog format

Unanswered Question
Nov 9th, 2002
User Badges:

Can someone explain how to decode the PRI section of the PIX Syslog packet?


I am familiar with decoding PRI's of <190> and those types, but I have never seen the ones that the PIX sends. 304001 and 106011 are the most common I see, but I don't know how to break these down into their facility and severity.


Thanks for the help!!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
steve.barlow Sun, 11/10/2002 - 05:17
User Badges:
  • Silver, 250 points or more

If a message is listed in syslog as %PIX-1-101001, "101001" is the message identifier number (ie the message ID) and the "1" is the severity.


So in detail, the format is "%PIX-Level-Message_number: Message_text":


"PIX" identifies the message facility code for messages generated by the PIX Firewall.


"Level" reflects the severity of the condition described by the message. The lower the number, the more severe the condition. Logging is set to level 3 (error) by default.


"Message_number" is the number code that uniquely identifies the message (meesage ID).


"Message_text" is a text string describing the condition. This portion of the message sometimes includes IP addresses, port numbers, or usernames.


Here are the PIX 6.2 syslog messages: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a00800eca3d.html


Here they are grouped by severity: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a00800eca3f.html


Hope it helps.

Steve

Actions

This Discussion