New Member

PIX Syslog format

Can someone explain how to decode the PRI section of the PIX Syslog packet?

I am familiar with decoding PRI's of <190> and those types, but I have never seen the ones that the PIX sends. 304001 and 106011 are the most common I see, but I don't know how to break these down into their facility and severity.

Thanks for the help!!

2 REPLIES

Re: PIX Syslog format

If a message is listed in syslog as %PIX-1-101001, "101001" is the message identifier number (i.e. the message ID) and the "1" is the severity.

So in detail, the format is "%PIX-Level-Message_number: Message_text":

"PIX" identifies the message facility code for messages generated by the PIX Firewall.

"Level" reflects the severity of the condition described by the message. The lower the number, the more severe the condition. Logging is set to level 3 (error) by default.

"Message_number" is the number code that uniquely identifies the message (message ID).

"Message_text" is a text string describing the condition. This portion of the message sometimes includes IP addresses, port numbers, or usernames.

Here are the PIX 6.2 syslog messages: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a00800eca3d.html

Here they are grouped by severity: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a00800eca3f.html

Hope it helps.

Steve
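
The two numbering schemes in this thread, side by side, as an added example that is not part of the original replies: it decodes a standard syslog `<PRI>` value (PRI = facility * 8 + severity) and parses the `%PIX-Level-Message_number: Message_text` tag described above. The sample lines, the host name `fw-example`, and the PRI-versus-Level consistency check are assumptions made for illustration.

```python
import re

SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notification", "informational", "debugging"]

# Optional <PRI>, optional header (timestamp/host), then
# %PIX-Level-Message_number: Message_text
LINE_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?.*?"
    r"%PIX-(?P<level>[0-7])-(?P<msg_id>\d+):\s*(?P<text>.*)$"
)

def decode_pri(pri):
    """Split a syslog PRI into (facility, severity); PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return divmod(pri, 8)

def parse_pix_line(line):
    """Return a dict for a PIX syslog line, or None if it carries no %PIX tag."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    level = int(m["level"])
    rec = {"level": level, "level_name": SEVERITY_NAMES[level],
           "msg_id": m["msg_id"], "text": m["text"],
           "facility": None, "pri_severity": None, "severity_mismatch": False}
    if m["pri"] is not None:  # PRI may be absent, e.g. in a stored log file
        rec["facility"], rec["pri_severity"] = decode_pri(int(m["pri"]))
        # Added sanity check: the PRI severity should agree with the tag's Level
        rec["severity_mismatch"] = rec["pri_severity"] != level
    return rec

# Constructed sample lines (message text and header are made up for illustration)
SAMPLES = [
    "<161>%PIX-1-101001: constructed message text",
    "Jan 01 00:00:00 fw-example %PIX-1-101001: constructed message text",
    "<166>%PIX-1-101001: constructed line whose PRI disagrees with the tag",
    "constructed line without a PIX tag",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_pix_line(line))
```
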

New Member

Re: PIX Syslog format

That answered my question. Thanks for the help!!
