Hi,

One of our client has a  Cisco IOS router 2851 with Zone Based Firewalls, enabled.

We tried to configure the router to receive the logs and we receive it in the following format:

<189>45: *Apr 11 11:22:14.757: %SYS-5-CONFIG_I: Configured from console by vty0 (10.151.xxx.xxx)
<190>46: *Apr 11 11:23:13.109: %FW-6-DROP_PKT: Dropping tcp session 10.151.xxx.xxx:1908 212.58.xxx.xxx:80  due to  RST inside current window with ip ident 0
<189>47: *Apr 11 11:38:02: %SYS-5-CONFIG_I: Configured from console by vty0 (10.151.xxx.xxx)
<190>48: *Apr 11 11:40:57: %FW-6-DROP_PKT: Dropping tcp session 10.151.xxx.xxx:2062 74.115.xxx.xxx:80 on zone-pair Outbound class CMAP_Inspect_Out due to  Stray Segment with ip ident 0

However, we support the following format:

<190>3711348: 3711346: Jul 23 15:29:xxx.xxx IST: %FW-6-SESS_AUDIT_TRAIL_START: Start https session: initiator (172.16.14.71:2721) -- responder (132.183.xxx.xxx:443)
<190>3711349: 3711347: Jul 23 15:29:59.465 IST: %FW-6-DROP_PKT: Dropping Other session 65.209.xxx.xxx:2721 132.183.106.17:443  due to  RST inside current window with ip ident 49293 tcpflags 0x5014 seq.no 1653005683 ack 1796295020
<190>3711350: 3711348: Jul 23 15:30:04.377 IST: %FW-6-SESS_AUDIT_TRAIL: Stop https session: initiator (172.16.xxx.xxx:2721) sent 807 bytes -- responder (132.183.xxx.xxx:443) sent 2062 bytes

Could you please let us know the exact steps required to recieve the above format?

If the logging needs to be enabled on Access Lists, could you please direct with the exact commands, from the console config mode?

Awaiting your response,

Thanks
Samy