Cisco PIX Log Samples
Samples generated with firmware version: 6.1(2)
Date entry created: 2004-03-29
General Information
Cisco PIX identifies messages via a message number that goes into the tag field. The message format
can be parsed based on that message number. Obviously, there are many messages. PIX uses a quite
consistent scheme of name/value pairs. Name and value are bound just by a space, so this scheme
is position dependent (e.g. "gaddr 192.0.0.1/25").
Resources
Sample with Description
This section covers one or more messages and how they can be described in generic
terms. We use the syntax descriptions outlined by Rainer Gerhards.
Sample log line (broken for readability):
Mar 29 2004 09:54:18: %PIX-6-302005: Built UDP connection for faddr 198.207.223.240/53337 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Only the part after the TAG is considered:
| Property | Syntax | (expected) Data |
| --- | --- | --- |
| Filler | charmap | "Built " |
| Protocol-Type | Word | |
| Filler | charmap | " connection for faddr" |
| faddr-ip | IPV4 | |
| Filler | charmap | "/" |
| faddr-port | Integer | |
| Filler | charmap | " " |
| gaddr-ip | IPV4 | |
| Filler | charmap | "/" |
| gaddr-port | Integer | |
| Filler | charmap | " " |
| laddr-ip | IPV4 | |
| Filler | charmap | "/" |
| laddr-port | Integer | |
It is interesting to note that the following pattern is repeating:
| laddr-ip | IPV4 | |
| Filler | charmap | "/" |
| laddr-port | Integer | |
This looks like a separate syntax that should be supported: IPV4"/"Integer. In this case,
we need to set two properties, both the IP address and the integer. Inside a generalizer, we
could name these "propname-IP" and "propname-Integer", where propname is the actual
property name (in the sample above, this would be "laddr-IP" and "laddr-Integer").
This IPV4-Integer syntax is often present in PIX data, even in different message numbers.
Please note that it could also be utilized to specify networks including mask (e.g. 10.0.0.0/8).
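The IPV4"/"Integer syntax described above, as an added Python example (not part of the original page or of any product it mentions). The function names, the regular expressions and the 0..65535 bound on the integer are assumptions made for this sketch; the first two sample lines are taken from the sample data on this page, the third is constructed.

```python
import ipaddress
import re

# %PIX-<severity>-<message number>: the tag that selects the message format.
TAG_RE = re.compile(r"%PIX-(?P<severity>\d)-(?P<msgno>\d{6}): (?P<body>.*)$")

# Position-dependent name/value pair whose value uses the IPV4"/"Integer
# syntax, e.g. "gaddr 10.0.0.187/53". Name and value are bound by one space.
PAIR_RE = re.compile(
    r"\b(?P<name>[a-z]+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<num>\d{1,5})\b"
)


def parse_ipv4_integer(name, ip_text, num_text):
    """Split one IPV4"/"Integer value into "<name>-IP" and "<name>-Integer".

    Returns {} for an invalid dotted quad or an integer above 65535
    (assumed bound: the integer is a port or a prefix length), so malformed
    input never turns into a property.
    """
    try:
        ip = ipaddress.IPv4Address(ip_text)
    except ipaddress.AddressValueError:
        return {}
    number = int(num_text)
    if number > 65535:
        return {}
    return {f"{name}-IP": str(ip), f"{name}-Integer": number}


def parse_pix_line(line):
    """Parse one PIX syslog line into a flat property dict.

    Returns None when the line carries no %PIX tag at all.
    """
    tag = TAG_RE.search(line)
    if tag is None:
        return None
    props = {"severity": int(tag["severity"]), "msgno": tag["msgno"]}
    for pair in PAIR_RE.finditer(tag["body"]):
        props.update(parse_ipv4_integer(pair["name"], pair["ip"], pair["num"]))
    return props


SAMPLES = [
    # From the sample data on this page.
    "Mar 29 2004 09:54:18: %PIX-6-302005: Built UDP connection for faddr "
    "198.207.223.240/53337 gaddr 10.0.0.187/53 laddr 192.168.0.2/53",
    "Mar 29 2004 09:54:30: %PIX-6-106015: Deny TCP (no connection) from "
    "192.168.0.2/2794 to 192.168.216.1/2357 flags SYN ACK on interface inside",
    # Constructed: invalid octet in faddr, out-of-range integer in gaddr.
    "Mar 29 2004 09:54:31: %PIX-6-302005: Built UDP connection for faddr "
    "999.1.1.1/53 gaddr 10.0.0.187/70000 laddr 192.168.0.2/53",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_pix_line(sample))
```

The same pair pattern picks up the "from" and "to" values of message 106015, which is the cross-message reuse the text points out.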
Sample Data
Mar 29 2004 09:54:18: %PIX-6-302005: Built UDP connection for faddr 198.207.223.240/53337 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:54:19: %PIX-6-302005: Built UDP connection for faddr 198.207.223.240/3842 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:54:19: %PIX-6-302005: Built UDP connection for faddr 198.207.223.240/36205 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:54:26: %PIX-4-106023: Deny icmp src outside:Some-Cisco dst inside:10.0.0.187 (type 3, code 1) by access-group "outside_access_in"
Mar 29 2004 09:54:27: %PIX-4-106023: Deny icmp src outside:Some-Cisco dst inside:10.0.0.187 (type 3, code 1) by access-group "outside_access_in"
Mar 29 2004 09:54:29: %PIX-4-106023: Deny icmp src outside:Some-Cisco dst inside:10.0.0.187 (type 3, code 1) by access-group "outside_access_in"
Mar 29 2004 09:54:30: %PIX-6-106015: Deny TCP (no connection) from 192.168.0.2/2794 to 192.168.216.1/2357 flags SYN ACK on interface inside
Mar 29 2004 09:54:32: %PIX-6-302006: Teardown UDP connection for faddr 192.168.245.1/137 gaddr 10.0.0.187/2789 laddr 192.168.0.2/2789 ()
Mar 29 2004 09:54:32: %PIX-6-302006: Teardown UDP connection for faddr 192.168.110.1/137 gaddr 10.0.0.187/2790 laddr 192.168.0.2/2790 ()
Mar 29 2004 09:54:32: %PIX-6-302006: Teardown UDP connection for faddr 198.207.223.240/53337 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:54:33: %PIX-6-106015: Deny TCP (no connection) from 192.168.0.2/2794 to 192.168.216.1/2357 flags SYN ACK on interface inside
Mar 29 2004 09:54:38: %PIX-6-302005: Built UDP connection for faddr 194.224.52.6/36455 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:54:39: %PIX-6-106015: Deny TCP (no connection) from 192.168.0.2/2794 to 192.168.216.1/2357 flags SYN ACK on interface inside
Mar 29 2004 09:54:39: %PIX-6-302005: Built UDP connection for faddr 194.224.52.4/44549 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:54:39: %PIX-6-302005: Built UDP connection for faddr 80.58.34.99/32772 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:54:46: %PIX-6-302005: Built UDP connection for faddr 80.132.253.64/14791 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:54:46: %PIX-6-302006: Teardown UDP connection for faddr 80.132.253.64/14791 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:54:46: %PIX-6-302005: Built UDP connection for faddr 80.132.253.64/14791 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:00: %PIX-6-302005: Built UDP connection for faddr 80.58.4.34/37074 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:03: %PIX-6-302006: Teardown UDP connection for faddr 198.207.223.240/3842 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:03: %PIX-6-302006: Teardown UDP connection for faddr 198.207.223.240/36205 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:03: %PIX-6-302006: Teardown UDP connection for faddr 194.224.52.6/36455 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:03: %PIX-6-302006: Teardown UDP connection for faddr 194.224.52.4/44549 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:03: %PIX-6-302006: Teardown UDP connection for faddr 80.58.34.99/32772 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:03: %PIX-6-302006: Teardown UDP connection for faddr 80.132.253.64/14791 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:03: %PIX-6-302006: Teardown UDP connection for faddr 80.58.4.34/37074 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:03: %PIX-6-305003: Teardown translation for global 10.0.0.188 local 192.168.0.6
Mar 29 2004 09:55:23: %PIX-6-302005: Built UDP connection for faddr 193.192.160.244/3053 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:23: %PIX-6-302006: Teardown UDP connection for faddr 193.192.160.244/3053 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:23: %PIX-6-302005: Built UDP connection for faddr 193.192.160.244/3053 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:25: %PIX-6-302005: Built UDP connection for faddr 66.196.65.40/51250 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:31: %PIX-6-302001: Built outbound TCP connection 152017 for faddr 212.56.240.37/9200 gaddr 10.0.0.187/2795 laddr 192.168.0.2/2795 ()
Mar 29 2004 09:55:32: %PIX-6-302005: Built UDP connection for faddr 217.160.131.171/1030 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:32: %PIX-6-302006: Teardown UDP connection for faddr 217.160.131.171/1030 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:32: %PIX-6-302006: Teardown UDP connection for faddr 217.160.131.171/1030 gaddr 10.0.0.187/53 laddr 192.168.0.2/53 ()
Mar 29 2004 09:55:32: %PIX-6-302005: Built UDP connection for faddr 217.160.131.171/1030 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:32: %PIX-6-302006: Teardown UDP connection for faddr 217.160.131.171/1030 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:32: %PIX-6-302001: Built inbound TCP connection 152022 for faddr 217.160.131.171/4336 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:32: %PIX-6-302006: Teardown UDP connection for faddr 217.160.131.171/1030 gaddr 10.0.0.187/53 laddr 192.168.0.2/53 ()
Mar 29 2004 09:55:32: %PIX-6-302005: Built UDP connection for faddr 217.160.131.171/1030 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:32: %PIX-6-302006: Teardown UDP connection for faddr 217.160.131.171/1030 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:32: %PIX-6-302005: Built UDP connection for faddr 217.160.131.171/1030 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:32: %PIX-6-302006: Teardown UDP connection for faddr 217.160.131.171/1030 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:32: %PIX-6-302005: Built UDP connection for faddr 217.160.131.171/1030 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:34: %PIX-6-302006: Teardown UDP connection for faddr 194.64.31.12/59988 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:34: %PIX-6-302006: Teardown UDP connection for faddr 193.192.160.244/3053 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:40: %PIX-6-302005: Built UDP connection for faddr 195.70.224.45/33064 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:40: %PIX-6-302006: Teardown UDP connection for faddr 195.70.224.45/33064 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:40: %PIX-6-302005: Built UDP connection for faddr 195.70.224.45/33064 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:47: %PIX-6-302005: Built UDP connection for faddr 62.189.34.82/32914 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:47: %PIX-6-302006: Teardown UDP connection for faddr 62.189.34.82/32914 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:47: %PIX-6-302005: Built UDP connection for faddr 62.189.34.82/32914 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:49: %PIX-6-302006: Teardown UDP connection for faddr 62.189.34.82/32914 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:49: %PIX-6-302005: Built UDP connection for faddr 62.189.34.82/32914 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:52: %PIX-6-302005: Built UDP connection for faddr 62.189.94.209/61016 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:52: %PIX-6-302006: Teardown UDP connection for faddr 62.189.94.209/61016 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:52: %PIX-6-302005: Built UDP connection for faddr 62.189.94.209/61016 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:53: %PIX-6-302005: Built UDP connection for faddr 195.129.12.114/62096 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:53: %PIX-6-302006: Teardown UDP connection for faddr 195.129.12.114/62096 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:53: %PIX-6-302005: Built UDP connection for faddr 195.129.12.114/62096 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:53: %PIX-6-302005: Built UDP connection for faddr 194.114.201.13/48355 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:54: %PIX-6-302006: Teardown UDP connection for faddr 62.189.94.209/61016 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:54: %PIX-6-302005: Built UDP connection for faddr 62.189.94.209/61016 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:54: %PIX-6-302005: Built UDP connection for faddr 203.124.140.107/12519 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:55: %PIX-6-302006: Teardown UDP connection for faddr 195.129.12.114/62096 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:55: %PIX-6-302005: Built UDP connection for faddr 195.129.12.114/62096 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:55: %PIX-6-302005: Built UDP connection for faddr 203.124.140.107/12520 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:55:56: %PIX-6-302005: Built UDP connection for faddr 195.146.160.3/16708 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:00: %PIX-6-106015: Deny TCP (no connection) from 192.168.0.2/2796 to 192.168.80.1/1719 flags SYN ACK on interface inside
Mar 29 2004 09:56:02: %PIX-6-302005: Built UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:02: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:02: %PIX-6-302005: Built UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:03: %PIX-6-106015: Deny TCP (no connection) from 192.168.0.2/2796 to 192.168.80.1/1719 flags SYN ACK on interface inside
Mar 29 2004 09:56:03: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.13/48355 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:03: %PIX-6-302005: Built UDP connection for faddr 194.114.201.13/48355 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:04: %PIX-6-302006: Teardown UDP connection for faddr 192.168.202.1/137 gaddr 10.0.0.187/2791 laddr 192.168.0.2/2791 ()
Mar 29 2004 09:56:04: %PIX-6-302006: Teardown UDP connection for faddr 192.42.93.30/10550 gaddr 10.0.0.187/1059 laddr 192.168.0.2/1059 ()
Mar 29 2004 09:56:04: %PIX-6-302006: Teardown UDP connection for faddr 137.65.1.1/10550 gaddr 10.0.0.187/1059 laddr 192.168.0.2/1059 ()
Mar 29 2004 09:56:04: %PIX-6-302006: Teardown UDP connection for faddr 66.196.65.40/51250 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:04: %PIX-6-302006: Teardown UDP connection for faddr 217.160.131.171/1030 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:04: %PIX-6-302002: Teardown TCP connection 152022 faddr 217.160.131.171/4336 gaddr 10.0.0.187/53 laddr 192.168.0.2/53 duration 0:00:32 bytes 68 (TCP FINs)
Mar 29 2004 09:56:04: %PIX-6-302006: Teardown UDP connection for faddr 193.108.91.93/6463 gaddr 10.0.0.187/1059 laddr 192.168.0.2/1059 ()
Mar 29 2004 09:56:04: %PIX-6-302006: Teardown UDP connection for faddr 192.42.93.30/6464 gaddr 10.0.0.187/1059 laddr 192.168.0.2/1059 ()
Mar 29 2004 09:56:04: %PIX-6-302006: Teardown UDP connection for faddr 192.42.93.30/2383 gaddr 10.0.0.187/1059 laddr 192.168.0.2/1059 ()
Mar 29 2004 09:56:04: %PIX-6-302006: Teardown UDP connection for faddr 216.52.17.52/6464 gaddr 10.0.0.187/1059 laddr 192.168.0.2/1059 ()
Mar 29 2004 09:56:04: %PIX-6-302006: Teardown UDP connection for faddr 195.70.224.45/33064 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:08: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:08: %PIX-6-302005: Built UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:08: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:08: %PIX-5-109012: Authen Session End: user '', sid 1, elapsed 313 seconds
Mar 29 2004 09:56:08: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:08: %PIX-6-302005: Built UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:09: %PIX-6-106015: Deny TCP (no connection) from 192.168.0.2/2796 to 192.168.80.1/1719 flags SYN ACK on interface inside
Mar 29 2004 09:56:13: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.13/48355 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:13: %PIX-6-302005: Built UDP connection for faddr 194.114.201.13/48355 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:13: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.13/48355 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:13: %PIX-6-302005: Built UDP connection for faddr 194.114.201.13/48355 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:15: %PIX-6-302005: Built UDP connection for faddr 194.25.0.125/38729 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:17: %PIX-6-302001: Built outbound TCP connection 152054 for faddr 66.102.9.99/80 gaddr 10.0.0.187/56669 laddr 192.168.0.2/56669
Mar 29 2004 09:56:17: %PIX-5-304001: 192.168.0.2 Accessed URL 66.102.9.99:/
Mar 29 2004 09:56:18: %PIX-6-302001: Built outbound TCP connection 152055 for faddr 66.102.9.104/80 gaddr 10.0.0.187/56670 laddr 192.168.0.2/56670
Mar 29 2004 09:56:18: %PIX-5-304001: 192.168.0.2 Accessed URL 66.102.9.104:/
Mar 29 2004 09:56:19: %PIX-6-302005: Built UDP connection for faddr 211.9.32.235/32770 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:19: %PIX-6-302006: Teardown UDP connection for faddr 211.9.32.235/32770 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:19: %PIX-6-302005: Built UDP connection for faddr 211.9.32.235/32770 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:23: %PIX-6-302001: Built outbound TCP connection 152058 for faddr 130.57.4.27/80 gaddr 10.0.0.187/56672 laddr 192.168.0.2/56672
Mar 29 2004 09:56:23: %PIX-5-304001: 192.168.0.2 Accessed URL 130.57.4.27:/
Mar 29 2004 09:56:24: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:24: %PIX-6-302005: Built UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:24: %PIX-6-302001: Built outbound TCP connection 152060 for faddr 130.57.4.27/80 gaddr 10.0.0.187/56673 laddr 192.168.0.2/56673
Mar 29 2004 09:56:24: %PIX-5-304001: 192.168.0.2 Accessed URL 130.57.4.27:/inc/hdr_script_common.js
Mar 29 2004 09:56:24: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:24: %PIX-6-302005: Built UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:26: %PIX-6-302002: Teardown TCP connection 152060 faddr 130.57.4.27/80 gaddr 10.0.0.187/56673 laddr 192.168.0.2/56673 duration 0:00:01 bytes 11143 (TCP Reset-I)
Mar 29 2004 09:56:26: %PIX-6-302002: Teardown TCP connection 152058 faddr 130.57.4.27/80 gaddr 10.0.0.187/56672 laddr 192.168.0.2/56672 duration 0:00:02 bytes 11641 (TCP Reset-I)
Mar 29 2004 09:56:26: %PIX-6-302001: Built outbound TCP connection 152062 for faddr 130.57.4.27/80 gaddr 10.0.0.187/56674 laddr 192.168.0.2/56674
Mar 29 2004 09:56:26: %PIX-5-304001: 192.168.0.2 Accessed URL 130.57.4.27:/de-de/
Mar 29 2004 09:56:27: %PIX-6-302006: Teardown UDP connection for faddr 203.124.140.107/12519 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:27: %PIX-6-302005: Built UDP connection for faddr 203.124.140.107/12519 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:27: %PIX-6-302001: Built outbound TCP connection 152064 for faddr 130.57.4.27/80 gaddr 10.0.0.187/56675 laddr 192.168.0.2/56675
Mar 29 2004 09:56:27: %PIX-5-304001: 192.168.0.2 Accessed URL 130.57.4.27:/common/inc/novell_style.css
Mar 29 2004 09:56:30: %PIX-6-302005: Built UDP connection for faddr 194.25.0.69/49933 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:32: %PIX-6-302005: Built UDP connection for faddr 195.235.113.3/14809 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:32: %PIX-6-302005: Built UDP connection for faddr 195.235.113.3/18429 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:35: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.13/48355 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:35: %PIX-6-302005: Built UDP connection for faddr 194.114.201.13/48355 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:35: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.13/48355 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:35: %PIX-6-302005: Built UDP connection for faddr 194.114.201.13/48355 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:35: %PIX-6-302006: Teardown UDP connection for faddr 192.168.216.1/137 gaddr 10.0.0.187/2793 laddr 192.168.0.2/2793
Mar 29 2004 09:56:35: %PIX-6-302006: Teardown UDP connection for faddr 203.124.140.107/12520 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:35: %PIX-6-302006: Teardown UDP connection for faddr 195.146.160.3/16708 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:35: %PIX-6-302006: Teardown UDP connection for faddr 62.189.94.209/61016 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:35: %PIX-6-302002: Teardown TCP connection 152017 faddr 212.56.240.37/9200 gaddr 10.0.0.187/2795 laddr 192.168.0.2/2795 duration 0:01:03 bytes 33424 (TCP FINs)
Mar 29 2004 09:56:35: %PIX-6-302006: Teardown UDP connection for faddr 194.25.0.125/38729 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:35: %PIX-6-302006: Teardown UDP connection for faddr 211.9.32.235/32770 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:35: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:38: %PIX-6-302001: Built outbound TCP connection 152070 for faddr 216.52.17.116/80 gaddr 10.0.0.187/56677 laddr 192.168.0.2/56677
Mar 29 2004 09:56:38: %PIX-5-304001: 192.168.0.2 Accessed URL 216.52.17.116:/b/ss/novellcom/0/G.1-XP-R/s14102280031206?[AQB]&ndh=1&t=29/2/2004%2012%3A20%3A20%201%20-120&ch=www.novell.com/de-de/&server=www.novell.com&eVarCFG=200-200-200--&c5=de-de%3Ad
Mar 29 2004 09:56:39: %PIX-6-302002: Teardown TCP connection 152070 faddr 216.52.17.116/80 gaddr 10.0.0.187/56677 laddr 192.168.0.2/56677 duration 0:00:01 bytes 1551 (TCP Reset-I)
Mar 29 2004 09:56:39: %PIX-6-302001: Built outbound TCP connection 152071 for faddr 216.52.17.116/80 gaddr 10.0.0.187/56678 laddr 192.168.0.2/56678
Mar 29 2004 09:56:39: %PIX-5-304001: 192.168.0.2 Accessed URL 216.52.17.116:/b/ss/novellcom/0/G.1-XP-R/s14102280031206?[AQB]purl=http%3A%2F%2Fwww.novell.com%2Fde-de%2F&pccr=true&&ndh=1&t=29/2/2004%2012%3A20%3A20%201%20-120&ch=www.novell.com/de-de/&se
Mar 29 2004 09:56:39: %PIX-6-302002: Teardown TCP connection 152071 faddr 216.52.17.116/80 gaddr 10.0.0.187/56678 laddr 192.168.0.2/56678 duration 0:00:01 bytes 1329 (TCP Reset-I)
Mar 29 2004 09:56:50: %PIX-6-302005: Built UDP connection for faddr 192.168.202.1/137 gaddr 10.0.0.187/2797 laddr 192.168.0.2/2797
Mar 29 2004 09:56:50: %PIX-6-302005: Built UDP connection for faddr 192.168.216.1/137 gaddr 10.0.0.187/2798 laddr 192.168.0.2/2798
Mar 29 2004 09:56:50: %PIX-4-106023: Deny icmp src outside:Some-Cisco dst inside:10.0.0.187 (type 3, code 1) by access-group "outside_access_in"
Mar 29 2004 09:56:52: %PIX-6-302005: Built UDP connection for faddr 80.58.4.34/37074 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:52: %PIX-4-106023: Deny icmp src outside:Some-Cisco dst inside:10.0.0.187 (type 3, code 1) by access-group "outside_access_in"
Mar 29 2004 09:56:53: %PIX-6-302005: Built UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:53: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:53: %PIX-6-302005: Built UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:53: %PIX-4-106023: Deny icmp src outside:Some-Cisco dst inside:10.0.0.187 (type 3, code 1) by access-group "outside_access_in"
Mar 29 2004 09:56:53: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:53: %PIX-6-302005: Built UDP connection for faddr 194.114.201.14/46474 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:53: %PIX-6-302005: Built UDP connection for faddr 209.120.214.162/32769 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:53: %PIX-6-302006: Teardown UDP connection for faddr 209.120.214.162/32769 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:53: %PIX-6-302005: Built UDP connection for faddr 209.120.214.162/32769 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:56:55: %PIX-6-106015: Deny TCP (no connection) from 192.168.0.2/2799 to 192.168.202.1/2244 flags SYN ACK on interface inside
Mar 29 2004 09:56:58: %PIX-6-106015: Deny TCP (no connection) from 192.168.0.2/2799 to 192.168.202.1/2244 flags SYN ACK on interface inside
Mar 29 2004 09:57:02: %PIX-6-302005: Built UDP connection for faddr 66.246.44.108/59213 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:57:02: %PIX-6-302006: Teardown UDP connection for faddr 66.246.44.108/59213 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:57:02: %PIX-6-302005: Built UDP connection for faddr 66.246.44.108/59213 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:57:04: %PIX-6-106015: Deny TCP (no connection) from 192.168.0.2/2799 to 192.168.202.1/2244 flags SYN ACK on interface inside
Mar 29 2004 09:57:04: %PIX-6-302002: Teardown TCP connection 151958 faddr 212.227.109.224/80 gaddr 10.0.0.187/56614 laddr 192.168.0.2/56614 duration 0:04:56 bytes 11069 (TCP Reset-I)
Mar 29 2004 09:57:04: %PIX-6-302002: Teardown TCP connection 151957 faddr 212.227.109.224/80 gaddr 10.0.0.187/56613 laddr 192.168.0.2/56613 duration 0:04:56 bytes 11069 (TCP Reset-I)
Mar 29 2004 09:57:04: %PIX-6-302001: Built outbound TCP connection 152082 for faddr 212.227.109.224/80 gaddr 10.0.0.187/56683 laddr 192.168.0.2/56683
Mar 29 2004 09:57:04: %PIX-6-302001: Built outbound TCP connection 152083 for faddr 212.227.109.224/80 gaddr 10.0.0.187/56684 laddr 192.168.0.2/56684
Mar 29 2004 09:57:04: %PIX-5-304001: 192.168.0.2 Accessed URL 212.227.109.224:/stylelib/Microsites.css
Mar 29 2004 09:57:04: %PIX-5-304001: 192.168.0.2 Accessed URL 212.227.109.224:/scriptlib/ClientStdScripts.js
Mar 29 2004 09:57:06: %PIX-6-302006: Teardown UDP connection for faddr 203.124.140.107/12519 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:57:06: %PIX-6-302006: Teardown UDP connection for faddr 194.25.0.69/49933 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:57:06: %PIX-6-302006: Teardown UDP connection for faddr 195.235.113.3/14809 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:57:06: %PIX-6-302006: Teardown UDP connection for faddr 195.235.113.3/18429 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:57:06: %PIX-6-302006: Teardown UDP connection for faddr 194.114.201.13/48355 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Mar 29 2004 09:57:06: %PIX-6-302006: Teardown UDP connection for faddr 80.58.4.34/37074 gaddr 10.0.0.187/53 laddr 192.168.0.2/53
Syslog messages generated by these products can be received by MonitorWare Agent and WinSyslog.
All information in this section is to the best of our knowledge but without warranty of
any kind. This is free information - use it at your sole risk.