Hi Gabriel,
You just have to write no names in the configuration on the
PIX then the names will not be in
the logfile. But they can still use the name command for
configuration.
Regards
Jorgen Hoffmeister
-----Original Message-----
From: loganalysis-bounces+jorgen=hoffmeister.dk lists.shmoo.com
[mailto:loganalysis-bounces+jorgen=hoffmeister.dklists.shmoo.com] On Behalf Of Gabriel Friedmann
Sent: 19. september 2006 23:13
To: loganalysislists.shmoo.com
Subject: [logs] Cisco Names in logs
Hey All!
My network team sure does love using the PIX name command.
see:
http://www.cis
co.com/en/US/products/ps6120/products_command_reference_chap
ter09186a00805fb9d9.html
Problem is, after running a command such as
name 192.168.42.3 FOOHOST
The Logs the PIX spits out look like this:
Sep 11 16:46:22 EST: %FWSM-4-106023: Deny tcp src
inside:10.6.1.106/4491
dst BETAWEB:FOOHOST/135 by access-group
"inside_access_in"
Notice that instead of a Destination IP address, my log has
a silly String
Value of FOOHOST. This breaks many parsing engines!
Has anyone else run into this? Is there a solution that
still allowed
them to configure their Cisco with Names and log the IP
address so it
still plays nicely with log analysis tools?
_______________________________________________
LogAnalysis mailing list
LogAnalysislists.shmoo.com
h
ttp://lists.shmoo.com/mailman/listinfo/loganalysis
_______________________________________________
LogAnalysis mailing list
LogAnalysislists.shmoo.com
h
ttp://lists.shmoo.com/mailman/listinfo/loganalysis
|