How do I determine if a Cisco Pix log file is in the 6.2 format?


This article applies to:

  • Security Reporting Center 2.x
  • WebTrends Firewall Suite 4.1x
  • Cisco Pix 6.2

Question:

How do I determine if a Cisco Pix log file is in the 6.2 format?

Procedure:

If the log contains entries similar to "from inside:10.x.x.x/3338 to outside:10.x.x.x", then it is in 6.2 format. A sample of information from a Cisco Pix 6.2 log file looks like this:

WTsyslog[2002-04-04 10:20:35 ip=10.0.0.1 pri=6] <166>%PIX-6-305011: Built dynamic TCP translation from inside:127.0.0.1/1111 to outside:1.1.1.1/1026
WTsyslog[2002-04-04 10:20:35 ip=10.0.0.1 pri=6] <166>%PIX-6-302013: Built outbound TCP connection 3 for outside:127.0.0.1/80 (64.28.67.114/80) to inside:1.1.1.1/1026(172.16.0.200/1026)
WTsyslog[2002-04-04 10:20:35 ip=10.0.0.1 pri=6] <166>%PIX-6-305011: Built dynamic TCP translation from inside:127.0.0.1/1111 to outside:1.1.1.1/1026
WTsyslog[2002-04-04 10:20:35 ip=10.0.0.1 pri=6] <166>%PIX-6-302013: Built outbound TCP connection 4 for outside:127.0.0.1/80 (64.28.67.57/80) to inside:1.1.1.1/1026 (172.16.0.200/1027)
WTsyslog[2002-04-04 10:20:35 ip=10.0.0.1 pri=6] <166>%PIX-6-305011: Built dynamic TCP translation from inside:127.0.0.1/443 to outside:1.1.1.1/1026
WTsyslog[2002-04-04 10:20:35 ip=10.0.0.1 pri=6] <166>%PIX-6-302013: Built outbound TCP connection 5 for outside:127.0.0.1/443 (64.28.67.57/80) to inside:1.1.1.1/1026 (172.16.0.200/1028)
WTsyslog[2002-04-04 10:20:35 ip=10.0.0.1 pri=6] <166>%PIX-6-305011: Built dynamic TCP translation from inside:127.0.0.1/1111 to outside:1.1.1.1/1026
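
The check described above can be scripted. This is an added example, not part of the original article or any WebTrends tool; the function name, the regular expressions and the entries marked as constructed are assumptions made for illustration.

```python
import re
from collections import Counter

# WebTrends syslog wrapper plus PIX tag, as in the article's sample lines.
LINE_RE = re.compile(
    r"^WTsyslog\[[\d-]+ [\d:]+ ip=\S+ pri=\d+\]\s*"
    r"<\d+>%PIX-\d-(?P<msgid>\d{6}):\s*(?P<text>.*)$"
)
# Interface-qualified endpoint, e.g. "inside:10.1.2.3/3338" (port optional).
EP = r"[A-Za-z][\w-]*:\d{1,3}(?:\.\d{1,3}){3}(?:/\d+)?"
# Marker from the article: "from <if>:<ip>/<port> to <if>:<ip>". The sample's
# 302013 lines read "for ... (mapped) to ...", so that wording is accepted too.
MARKER_RE = re.compile(rf"\b(?:from|for)\s+{EP}\s*(?:\([^)]*\))?\s+to\s+{EP}")

WRAP = "WTsyslog[2002-04-04 10:20:35 ip=10.0.0.1 pri=6] <166>"
# Two entries copied from the article's sample.
SAMPLE_62 = [
    WRAP + "%PIX-6-305011: Built dynamic TCP translation "
           "from inside:127.0.0.1/1111 to outside:1.1.1.1/1026",
    WRAP + "%PIX-6-302013: Built outbound TCP connection 3 for "
           "outside:127.0.0.1/80 (64.28.67.114/80) to "
           "inside:1.1.1.1/1026(172.16.0.200/1026)",
]
# Constructed entries (not from the article): one PIX line without
# interface-qualified endpoints, and one line that is not a PIX entry at all.
CONSTRUCTED_OTHER = [
    WRAP + "%PIX-6-302001: Built outbound TCP connection 3 for faddr "
           "192.0.2.10/80 gaddr 198.51.100.5/1026 laddr 172.16.0.200/1026",
    "Apr  4 10:20:35 host sshd[123]: session opened",
]


def classify_pix_log(lines):
    """Return (is_62_format, Counter of message IDs that carried the marker)."""
    hits = Counter()
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a WTsyslog-wrapped PIX entry; ignore it
        if MARKER_RE.search(m.group("text")):
            hits[m.group("msgid")] += 1
    return bool(hits), hits


if __name__ == "__main__":
    for name, data in (("sample", SAMPLE_62), ("constructed", CONSTRUCTED_OTHER)):
        print(name, classify_pix_log(data))
```

To check a real file, pass the open file object to `classify_pix_log`; it reads line by line and reports which message IDs matched.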



Notes:

To run reports for Cisco Pix 6.2 log files, please install Firewall Suite 4.1c. If you are using 4.1a, please apply the patch noted in the following knowledge base article:

Q10450: How do I run reports for a Cisco Pix 6.2/6.3 log file?

This article was previously published as:
NETIQKB12761

Last Modified 5/2/2007.
https://support.trustwave.com/kb/KnowledgebaseArticle10331.aspx