Hi. I'm trying to make a custom parser for ACE logs. It works fine except for denied ICMP traffic. The problem is the event-id is the same in ACE (%ACE-4-106023). The parser checks for protocol type and src IP, src port and so on. ICMP, however, is logged ...
Found a solution to this problem today. I got the tip that I would have to upgrade the IPS sigs from our support provider. That didn't help though; I couldn't upgrade to 6.0.5 in the GUI. Logged in to the CLI and fired off a pnupgrade with upgrade package 6.0.4....