https://community.cisco.com/t5/network-security/doubt-in-ips-log/m-p/764215#M86366 <HTML><HEAD></HEAD><BODY><P>The 192.x.x.x is the IP address of the device sending this syslog, most likely the IOS IPS router.</P><P>SEV: 75 Must be a new numerical way of desrcibing severity, what version of IOS are you running, &gt;12.4.6T?</P><P>The 4 in %IPS-4 is the syslog level, 4 is the Warning level <A class="jive-link-custom" href="http://www.routergod.com/agentsmith/" target="_blank">http://www.routergod.com/agentsmith/</A></P><P>RiskRating is a Cisco thing (you really didn't search CCO much before porting your questions, did you?)</P><P><A class="jive-link-custom" href="http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_white_paper0900aecd80191021.shtml" target="_blank">http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_white_paper0900aecd80191021.shtml</A></P></BODY></HTML> Fri, 22 Jun 2007 16:36:20 GMT rhermes 2007-06-22T16:36:20Z https://community.cisco.com/t5/network-security/doubt-in-ips-log/m-p/764214#M86365 <P>Hi,</P><P></P><P>I am trying to develop a script which will list events based on certain conditions. For this i need to know about all the attributes in the logs.</P><P></P><P>Below is a sample log,</P><P></P><P>05-12-2007 23:57:28 192.x.x.x local7.warn 2069294: 2080360: May 12 2007 23:56:48.813 CDT: %IPS-4-SIGNATURE: Sig:3109 Subsig:0 Sev:75 [&lt;SRC IP&gt;:&lt;SRC_PORT&gt; -&gt; &lt;Destination IP&gt;:&lt;DST_PORT&gt;] RiskRating:56</P><P></P><P>Following are the attributes which i am unable to determine,</P><P>192.x.x.x - ip of the device ? </P><P>SEV:75 - severity ? then what is "4" in %IPS-4 ? what is the range for this ?</P><P>what is RiskRating:56 ?</P><P></P><P>thanx in advance.</P><P>-S-</P> Sun, 10 Mar 2019 10:40:07 GMT https://community.cisco.com/t5/network-security/doubt-in-ips-log/m-p/764214#M86365 linker.team 2019-03-10T10:40:07Z https://community.cisco.com/t5/network-security/doubt-in-ips-log/m-p/764215#M86366 <HTML><HEAD></HEAD><BODY><P>The 192.x.x.x is the IP address of the device sending this syslog, most likely the IOS IPS router.</P><P>SEV: 75 Must be a new numerical way of desrcibing severity, what version of IOS are you running, &gt;12.4.6T?</P><P>The 4 in %IPS-4 is the syslog level, 4 is the Warning level <A class="jive-link-custom" href="http://www.routergod.com/agentsmith/" target="_blank">http://www.routergod.com/agentsmith/</A></P><P>RiskRating is a Cisco thing (you really didn't search CCO much before porting your questions, did you?)</P><P><A class="jive-link-custom" href="http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_white_paper0900aecd80191021.shtml" target="_blank">http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_white_paper0900aecd80191021.shtml</A></P></BODY></HTML> Fri, 22 Jun 2007 16:36:20 GMT https://community.cisco.com/t5/network-security/doubt-in-ips-log/m-p/764215#M86366 rhermes 2007-06-22T16:36:20Z https://community.cisco.com/t5/network-security/doubt-in-ips-log/m-p/764216#M86367 <HTML><HEAD></HEAD><BODY><P>Thx for the reply. </P></BODY></HTML> Tue, 26 Jun 2007 13:49:06 GMT https://community.cisco.com/t5/network-security/doubt-in-ips-log/m-p/764216#M86367 linker.team 2007-06-26T13:49:06Z