[logs] Cisco Names in logs

• Previous message: Ron A. Dilley: "[logs] Re: Log integrity handling on central logsystem"
• Next in thread: Jørgen Hoffmeister: "[logs] Re: Cisco Names in logs"
• Reply: Jørgen Hoffmeister: "[logs] Re: Cisco Names in logs"
• Reply: James: "[logs] Re: Cisco Names in logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hey All!

My network team sure does love using the PIX name command.

see:
http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fb9d9.html

Problem is, after running a command such as
     name 192.168.42.3 FOOHOST

The Logs the PIX spits out look like this:

Sep 11 16:46:22 EST: %FWSM-4-106023: Deny tcp src inside:10.6.1.106/4491
dst BETAWEB:FOOHOST/135 by access-group "inside_access_in"


Notice that instead of a Destination IP address, my log has a silly String
Value of FOOHOST.   This breaks many parsing engines!


Has anyone else run into this?  Is there a solution that still allowed
them to configure their Cisco with Names and log the IP address so it
still plays nicely with log analysis tools?


_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Previous message: Ron A. Dilley: "[logs] Re: Log integrity handling on central logsystem"
• Next in thread: Jørgen Hoffmeister: "[logs] Re: Cisco Names in logs"
• Reply: Jørgen Hoffmeister: "[logs] Re: Cisco Names in logs"
• Reply: James: "[logs] Re: Cisco Names in logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Tue Sep 19 2006 - 15:08:55 PDT