06-22-2007 04:34 AM - edited 03-10-2019 03:40 AM
Hi,
I am trying to develop a script which will list events based on certain conditions. For this I need to know about all the attributes in the logs.
Below is a sample log,
05-12-2007 23:57:28 192.x.x.x local7.warn 2069294: 2080360: May 12 2007 23:56:48.813 CDT: %IPS-4-SIGNATURE: Sig:3109 Subsig:0 Sev:75 [<SRC IP>:<SRC_PORT> -> <Destination IP>:<DST_PORT>] RiskRating:56
Following are the attributes which I am unable to determine,
192.x.x.x - ip of the device ?
SEV:75 - severity ? then what is "4" in %IPS-4 ? what is the range for this ?
what is RiskRating:56 ?
Thanks in advance.
-S-
06-22-2007 09:36 AM
The 192.x.x.x is the IP address of the device sending this syslog, most likely the IOS IPS router.
SEV: 75 must be a new numerical way of describing severity. What version of IOS are you running, >12.4.6T?
The 4 in %IPS-4 is the syslog level, 4 is the Warning level http://www.routergod.com/agentsmith/
RiskRating is a Cisco thing (you really didn't search CCO much before posting your questions, did you?)
http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_white_paper0900aecd80191021.shtml
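A parser for the log layout shown in the question, added here as an example and not code from either poster. The function names, field names and regular expression are assumptions based only on that one sample line, and the sample lines below are constructed with documentation addresses.

```python
import re

# Standard syslog severity levels 0-7; the "4" in %IPS-4 maps to "warning".
SYSLOG_LEVELS = ["emergency", "alert", "critical", "error",
                 "warning", "notice", "informational", "debug"]

# Layout follows the sample line in the question; other layouts are rejected.
LINE_RE = re.compile(
    r"^(?P<recv_date>\d{2}-\d{2}-\d{4}) (?P<recv_time>\d{2}:\d{2}:\d{2}) "
    r"(?P<device>\S+) (?P<facility>\w+)\.(?P<priority>\w+) "
    r".*?%(?P<source>[A-Z0-9_]+)-(?P<level>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"Sig:(?P<sig>\d+) Subsig:(?P<subsig>\d+) Sev:(?P<sev>\d+) "
    r"\[(?P<src_ip>[^\]\s]+):(?P<src_port>\d+) -> "
    r"(?P<dst_ip>[^\]\s]+):(?P<dst_port>\d+)\] "
    r"RiskRating:(?P<risk_rating>\d+)\s*$"
)
INT_FIELDS = ("level", "sig", "subsig", "sev",
              "src_port", "dst_port", "risk_rating")

def parse_ips_line(line):
    """Return a dict of fields, or None if the line is not in this layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    for name in INT_FIELDS:
        event[name] = int(event[name])
    event["level_name"] = SYSLOG_LEVELS[event["level"]]
    return event

def select_events(lines, min_risk_rating=0, sig=None):
    """List parsed events meeting the conditions; unparsable lines are skipped."""
    parsed = (parse_ips_line(line) for line in lines)
    return [e for e in parsed
            if e is not None
            and e["risk_rating"] >= min_risk_rating
            and (sig is None or e["sig"] == sig)]

# Constructed sample lines in the same layout as the post.
SAMPLE = [
    "05-12-2007 23:57:28 192.0.2.1 local7.warn 2069294: 2080360: May 12 2007 23:56:48.813 CDT: %IPS-4-SIGNATURE: Sig:3109 Subsig:0 Sev:75 [198.51.100.7:4431 -> 203.0.113.25:25] RiskRating:56",
    "05-12-2007 23:58:02 192.0.2.1 local7.warn 2069295: 2080361: May 12 2007 23:57:22.440 CDT: %IPS-4-SIGNATURE: Sig:2004 Subsig:0 Sev:25 [198.51.100.9:0 -> 203.0.113.25:0] RiskRating:25",
    "05-12-2007 23:58:30 192.0.2.1 local7.notice 2069296: 2080362: May 12 2007 23:57:50.101 CDT: %SYS-5-CONFIG_I: Configured from console",
]

if __name__ == "__main__":
    for ev in select_events(SAMPLE, min_risk_rating=50):
        print(ev["device"], ev["sig"], ev["sev"], ev["risk_rating"], ev["level_name"])
```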
06-26-2007 06:49 AM
Thx for the reply.