[logs] Re: Cisco Names in logs

From: Jørgen Hoffmeister (jorgen@private)
Date: Tue Sep 19 2006 - 15:31:29 PDT


Hi Gabriel,

You just have to write no names in the configuration on the PIX, then the names will not be in
the logfile. But they can still use the name command for configuration.

Regards 

Jorgen Hoffmeister

-----Original Message-----
From: loganalysis-bounces+jorgen=hoffmeister.dk@private [mailto:loganalysis-bounces+jorgen=hoffmeister.dk@private] On Behalf Of Gabriel Friedmann
Sent: 19. september 2006 23:13
To: loganalysis@private
Subject: [logs] Cisco Names in logs

Hey All!

My network team sure does love using the PIX name command.

see:
http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fb9d9.html

Problem is, after running a command such as
     name 192.168.42.3 FOOHOST

The logs the PIX spits out look like this:

Sep 11 16:46:22 EST: %FWSM-4-106023: Deny tcp src inside:10.6.1.106/4491
dst BETAWEB:FOOHOST/135 by access-group "inside_access_in"


Notice that instead of a Destination IP address, my log has a silly String
Value of FOOHOST.   This breaks many parsing engines!


Has anyone else run into this?  Is there a solution that still allows
them to configure their Cisco with Names and log the IP address so it
still plays nicely with log analysis tools?


_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis



This archive was generated by hypermail 2.1.3 : Tue Sep 19 2006 - 15:35:03 PDT
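
For sites that keep names enabled on the firewall, the parsing problem raised in this thread can also be handled on the analysis side. The following is an added example, not part of the original thread: it parses the 106023 deny message quoted above and maps a name back to its address using the `name` lines of a saved configuration. The function names, the sample configuration text, and the restriction to the IPv4 tcp/udp form shown in the post are assumptions.

```python
import ipaddress
import re

# Constructed sample input: the `name` command and the log line from the post
# (the wrapped log line is joined onto one line).
SAMPLE_CONFIG = "name 192.168.42.3 FOOHOST\n"
SAMPLE_LOG = ('Sep 11 16:46:22 EST: %FWSM-4-106023: Deny tcp src inside:10.6.1.106/4491 '
              'dst BETAWEB:FOOHOST/135 by access-group "inside_access_in"')

# `name <ip> <NAME>` lines from a saved configuration.
NAME_RE = re.compile(r"^name[ \t]+(\S+)[ \t]+(\S+)", re.MULTILINE)
# Host fields accept any token up to "/", so an IP or a configured name both match.
DENY_RE = re.compile(
    r"%(?:PIX|FWSM|ASA)-\d-106023: Deny (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src>[^/\s]+)/(?P<sport>\d+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst>[^/\s]+)/(?P<dport>\d+) "
    r'by access-group "(?P<acl>[^"]+)"')

def load_names(config_text):
    """Build {NAME: ip} from the `name` lines of a configuration dump."""
    return {name: ip for ip, name in NAME_RE.findall(config_text)}

def resolve(host, names):
    """Return (ip, raw_token); ip is None when a name is not in the table."""
    try:
        return str(ipaddress.ip_address(host)), host
    except ValueError:
        return names.get(host), host

def parse_deny(line, names):
    """Parse one 106023 line into a dict, or return None if it does not match."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for side in ("src", "dst"):
        # Keep the raw token so unresolved names can be reported, not dropped.
        rec[side + "_ip"], rec[side + "_raw"] = resolve(rec.pop(side), names)
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

if __name__ == "__main__":
    print(parse_deny(SAMPLE_LOG, load_names(SAMPLE_CONFIG)))
```

The name table has to be refreshed whenever the firewall configuration changes, otherwise records come back with `dst_ip` or `src_ip` set to `None`.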