11-09-2002 06:15 PM - edited 03-02-2019 02:47 AM
Can someone explain how to decode the PRI section of the PIX Syslog packet?
I am familiar with decoding PRIs of <190> and those types, but I have never seen the ones that the PIX sends. 304001 and 106011 are the most common I see, but I don't know how to break these down into their facility and severity.
Thanks for the help!!
11-10-2002 05:17 AM
If a message is listed in syslog as %PIX-1-101001, "101001" is the message identifier number (i.e. the message ID) and the "1" is the severity.
So in detail, the format is "%PIX-Level-Message_number: Message_text":
"PIX" identifies the message facility code for messages generated by the PIX Firewall.
"Level" reflects the severity of the condition described by the message. The lower the number, the more severe the condition. Logging is set to level 3 (error) by default.
"Message_number" is the number code that uniquely identifies the message (message ID).
"Message_text" is a text string describing the condition. This portion of the message sometimes includes IP addresses, port numbers, or usernames.
Here are the PIX 6.2 syslog messages: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a00800eca3d.html
Here they are grouped by severity: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a00800eca3f.html
Hope it helps.
Steve
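The two layers discussed in this thread, decoded side by side, as an added example that is not part of the original posts: the standard syslog `<PRI>` header (PRI = facility * 8 + severity) and the `%PIX-Level-Message_number: Message_text` tag. The function names, the severity-name list, the sample lines and their message text are constructed for illustration; the regular expression assumes the tag appears exactly in the format described above.

```python
import re

# Standard syslog severity names, indexed by level (0 is the most severe).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "informational", "debugging"]

# Optional <PRI> header, any prefix (timestamp, host), then the PIX tag.
LINE_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?.*?"
    r"%PIX-(?P<level>[0-7])-(?P<msg_id>\d+): (?P<text>.*)$"
)

def decode_pri(pri):
    """Split a syslog PRI value into (facility, severity)."""
    if not 0 <= pri <= 191:          # 24 facilities * 8 severities
        raise ValueError("PRI out of range: %d" % pri)
    return pri >> 3, pri & 7

def parse_pix_line(line):
    """Return a dict for a PIX syslog line, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    level = int(m.group("level"))
    rec = {
        "level": level,
        "level_name": SEVERITIES[level],
        "msg_id": m.group("msg_id"),  # kept as a string: it is an identifier
        "text": m.group("text"),
    }
    if m.group("pri") is not None:
        try:
            rec["pri_facility"], rec["pri_severity"] = decode_pri(int(m.group("pri")))
        except ValueError:
            return None               # treat an impossible PRI as malformed
    return rec

# Constructed sample lines (not captured from a real device).
SAMPLE_LINES = [
    "<161>%PIX-1-101001: constructed sample text",
    "Nov 10 2002 05:17:00: %PIX-1-101001: constructed sample text",
    "<999>%PIX-1-101001: constructed sample text",
]

if __name__ == "__main__":
    print(decode_pri(190))            # the <190> value from the question
    for sample in SAMPLE_LINES:
        print(parse_pix_line(sample))
```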
11-10-2002 07:26 AM
That answered my question. Thanks for the help!!