The Cisco Intrusion Detection System (IDS) functionality on the PIX Firewall is only available in PIX Operating System (OS) version 6.0 and later. However, some signatures supported in the Cisco IDS Sensor are not available in the PIX.
The PIX lists these single-packet IDS signature messages:
The PIX lists single packet (atomic) Cisco IDS signature messages through the System Log (Syslog). All PIX IDS Syslog messages start with %PIX-4-4000nn (where nn is in the range of 00 through 51) and have this format:
%PIX-4-4000nn IDS:number string from IP_address to IP_address on interface interface_name
These descriptions define the format:
The number is the signature number.
The string is the signature message, and is approximately the same as the NetRanger signature message.
The IP_address is the local to remote address to which the signature applies.
The interface_name is the name of the interface where the signature originated.
%PIX-4-400013 IDS:2003 ICMP redirect from 10.4.1.2 to 10.2.1.1 on interface dmz
This means that the IDS log message 400013 is for the signature "ICMP redirect", whose signature ID is 2003.