New Member

Doubt in IPS log

Hi,

I am trying to develop a script which will list events based on certain conditions. For this I need to know about all the attributes in the logs.

Below is a sample log,

05-12-2007 23:57:28 192.x.x.x local7.warn 2069294: 2080360: May 12 2007 23:56:48.813 CDT: %IPS-4-SIGNATURE: Sig:3109 Subsig:0 Sev:75 [<SRC IP>:<SRC_PORT> -> <Destination IP>:<DST_PORT>] RiskRating:56

Following are the attributes which I am unable to determine,

192.x.x.x - ip of the device ?

SEV:75 - severity ? then what is "4" in %IPS-4 ? what is the range for this ?

what is RiskRating:56 ?

Thanks in advance.

-S-

Gold

Re: Doubt in IPS log

The 192.x.x.x is the IP address of the device sending this syslog, most likely the IOS IPS router.

SEV: 75 must be a new numerical way of describing severity. What version of IOS are you running, >12.4.6T?

The 4 in %IPS-4 is the syslog level; 4 is the Warning level: http://www.routergod.com/agentsmith/

RiskRating is a Cisco thing (you really didn't search CCO much before posting your questions, did you?)

http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_white_paper0900aecd80191021.shtml
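A parser for the log format discussed in this thread, as an added example that is not part of either poster's message and not Cisco code. The regex is inferred from the single sample line in the question; the group names, the reading of the leading date/time as the collector's receive time, and the sample lines (documentation addresses in place of the masked ones) are assumptions.

```python
import re

# Constructed sample in the thread's format. Addresses are documentation ranges;
# signature IDs other than 3109 and all values on lines 2-4 are made up.
SAMPLE = """\
05-12-2007 23:57:28 192.0.2.1 local7.warn 2069294: 2080360: May 12 2007 23:56:48.813 CDT: %IPS-4-SIGNATURE: Sig:3109 Subsig:0 Sev:75 [198.51.100.7:4312 -> 203.0.113.25:25] RiskRating:56
05-12-2007 23:58:02 192.0.2.1 local7.warn 2069295: 2080361: May 12 2007 23:57:22.101 CDT: %IPS-4-SIGNATURE: Sig:1111 Subsig:1 Sev:25 [198.51.100.9:1999 -> 203.0.113.25:80] RiskRating:30
05-12-2007 23:58:10 192.0.2.1 local7.notice 2069296: 2080362: May 12 2007 23:57:30.400 CDT: %SYS-5-CONFIG_I: Configured from console by console
05-12-2007 23:59:41 192.0.2.1 local7.warn 2069297: 2080363: May 12 2007 23:59:01.007 CDT: %IPS-4-SIGNATURE: Sig:2222 Subsig:0 Sev:100 [198.51.100.7:4400 -> 203.0.113.30:445] RiskRating:85
"""

# Group names are this example's own labels, not Cisco field names.
EVENT_RE = re.compile(
    r"^(?P<received>\d\d-\d\d-\d{4} \d\d:\d\d:\d\d) (?P<reporter>\S+) "
    r"(?P<facility>\w+)\.(?P<priority>\w+) .*?%IPS-(?P<syslog_level>[0-7])-SIGNATURE: "
    r"Sig:(?P<sig>\d+) Subsig:(?P<subsig>\d+) Sev:(?P<sev>\d+) "
    r"\[(?P<src_ip>[^\]\s]+):(?P<src_port>\d+) -> "
    r"(?P<dst_ip>[^\]\s]+):(?P<dst_port>\d+)\] RiskRating:(?P<risk_rating>\d+)")
INT_FIELDS = ("syslog_level", "sig", "subsig", "sev", "src_port", "dst_port", "risk_rating")
# Cisco syslog level names, indexed by the digit in %FACILITY-LEVEL-MNEMONIC.
LEVELS = ("emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging")

def parse_line(line):
    """Return a dict for an %IPS-n-SIGNATURE line, or None for anything else."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev.update({k: int(ev[k]) for k in INT_FIELDS})
    ev["syslog_level_name"] = LEVELS[ev["syslog_level"]]
    return ev

def select_events(lines, min_risk=0, sig=None):
    """Filter parsed events; also count non-blank lines that were not IPS events."""
    events, skipped = [], 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            skipped += 1 if line.strip() else 0
        elif ev["risk_rating"] >= min_risk and sig in (None, ev["sig"]):
            events.append(ev)
    return events, skipped

if __name__ == "__main__":
    events, skipped = select_events(SAMPLE.splitlines(), min_risk=50)
    for ev in events:
        print(ev["received"], ev["reporter"], ev["sig"], ev["src_ip"], "->", ev["dst_ip"], ev["risk_rating"])
    print("non-IPS lines skipped:", skipped)
```

Counting the skipped lines makes it visible when a format change on the device or collector causes events to stop matching instead of silently disappearing from the report.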

New Member

Re: Doubt in IPS log

Thx for the reply.
