<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: PIX/PDM/Syslog rule number in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/pix-pdm-syslog-rule-number/m-p/389478#M555961</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;1)  There's a link in that you can use the numbers to insert new lines at arbitrary places in an access-list, but aside from this ACL editing feature there's no other significance to the line numbers.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;2)  The syslog messages won't reference the individual ACL line numbers, but you can get increased detail by configuring ACL logging on individual ACL lines.  The message lists which ACL was involved and the details of the protocol, and source and destination ports and addresses, but it doesn't specifically identify the actual ACL line that matched the packet.  However, the log information in conjunction with the hit count in the "show access-list" command should allow you to determine the line reasonably easily, depending on how complex your ACL is, of course.  This doesn't help 3rd party syslog tools report details on the ACL, but it might help you make the connection between the log message and the ACL entry more easily.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;HTH&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Fri, 22 Oct 2004 17:06:03 GMT</pubDate>
    <dc:creator>ddawson</dc:creator>
    <dc:date>2004-10-22T17:06:03Z</dc:date>
    <item>
      <title>PIX/PDM/Syslog rule number</title>
      <link>https://community.cisco.com/t5/network-security/pix-pdm-syslog-rule-number/m-p/389477#M555958</link>
      <description>&lt;P&gt;Looking at the PIX Device Manager I can see access rules associated with reference numbers, just like many other vendors' firewall GUIs.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Now my questions are:&lt;/P&gt;&lt;P&gt;1) What is the link between such reference numbers and the actual PIX config file?&lt;/P&gt;&lt;P&gt;2) Is there a way to insert such reference numbers into the syslog messages that the PIX sends out, in order to analyze the syslogs with 3rd party reporting tools?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks for the collaboration&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Andrea&lt;/P&gt;</description>
      <pubDate>Fri, 21 Feb 2020 07:41:57 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/pix-pdm-syslog-rule-number/m-p/389477#M555958</guid>
      <dc:creator>apasquino</dc:creator>
      <dc:date>2020-02-21T07:41:57Z</dc:date>
    </item>
    <item>
      <title>Re: PIX/PDM/Syslog rule number</title>
      <link>https://community.cisco.com/t5/network-security/pix-pdm-syslog-rule-number/m-p/389478#M555961</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;1)  There's a link in that you can use the numbers to insert new lines at arbitrary places in an access-list, but aside from this ACL editing feature there's no other significance to the line numbers.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;2)  The syslog messages won't reference the individual ACL line numbers, but you can get increased detail by configuring ACL logging on individual ACL lines.  The message lists which ACL was involved and the details of the protocol, and source and destination ports and addresses, but it doesn't specifically identify the actual ACL line that matched the packet.  However, the log information in conjunction with the hit count in the "show access-list" command should allow you to determine the line reasonably easily, depending on how complex your ACL is, of course.  This doesn't help 3rd party syslog tools report details on the ACL, but it might help you make the connection between the log message and the ACL entry more easily.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;HTH&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 22 Oct 2004 17:06:03 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/pix-pdm-syslog-rule-number/m-p/389478#M555961</guid>
      <dc:creator>ddawson</dc:creator>
      <dc:date>2004-10-22T17:06:03Z</dc:date>
    </item>
  </channel>
</rss>

