Latest version: 2.4.3
 

SnortALog: IDS/IPS and Firewall Log Analyser
 

Expected CISCO PIX logs
 
CISCO PIX syslog alert
Log 1: Jan 26 14:07:01 [127.0.0.1] Jan 26 2004 13:54:28: %PIX-4-106023: Deny icmp src outside:AAA.BBB.CCC.DDD dst DMZ:AAA.BBB.CCC.DDD (type 8, code 0) by access-group "outside"
Log 2: Jan 26 14:07:01 [127.0.0.1] Jan 26 2004 13:54:29: %PIX-4-106023: Deny tcp src outside:AAA.BBB.CCC.DDD/4564 dst DMZ:AAA.BBB.CCC.DDD/135 by access-group "outside"
Log 3: Jan 26 14:07:28 [127.0.0.1] Jan 26 2004 13:54:55: %PIX-4-106023: Deny udp src DMZ:AAA.BBB.CCC.DDD/123 dst outside:AAA.BBB.CCC.DDD/123 by access-group "dmzTOoutside"
Log 4: Jan 26 14:07:11 [127.0.0.1] Jan 26 2004 13:54:38: %PIX-5-304001: AAA.BBB.CCC.DDD Accessed URL AAA.BBB.CCC.DDD:/
Log 5: Jan 26 14:11:09 [127.0.0.1] Jan 26 2004 13:58:36: %PIX-5-304001: AAA.BBB.CCC.DDD Accessed URL AAA.BBB.CCC.DDD:/exchange
Log 6: Jan 26 14:26:12 [127.0.0.1] Jan 26 2004 14:13:40: %PIX-4-500004: Invalid transport field for protocol=6, from AAA.BBB.CCC.DDD/0 to AAA.BBB.CCC.DDD/3128
Log 7: Jan 28 12:23:15 [127.0.0.1] %PIX-2-106016: Deny IP spoof from (127.0.0.1) to AAA.BBB.CCC.DDD on interface outside
Log 8: Jan 28 12:23:58 [127.0.0.1] %PIX-4-106023: Deny tcp src outside:AAA.BBB.CCC.DDD/59148 dst DMZ:AAA.BBB.CCC.DDD/135 by access-group "outside"
Log 9: Jan 28 12:24:01 [127.0.0.1] %PIX-2-106016: Deny IP spoof from (127.0.0.1) to AAA.BBB.CCC.DDD on interface outside
Log 10: Jan 28 12:24:20 [127.0.0.1] %PIX-4-106023: Deny icmp src outside:AAA.BBB.CCC.DDD dst DMZ:AAA.BBB.CCC.DDD (type 3, code 13) by access-group "outside"
Log 11: Jan 28 12:25:27 [127.0.0.1] %PIX-5-111008: User 'userman' executed the 'pdm location AAA.BBB.CCC.DDD 255.255.255.255 outside' command.
Log 12: Jan 28 12:26:17 [127.0.0.1] %PIX-5-111007: Begin configuration: AAA.BBB.CCC.DDD reading from http [POST]
Log 13: Jan 28 12:27:18 [127.0.0.1] %PIX-5-304001: AAA.BBB.CCC.DDD Accessed URL AAA.BBB.CCC.DDD:/exchange
Log 14: Jan 28 12:27:20 [127.0.0.1] %PIX-4-400011: IDS:2001 ICMP unreachable from AAA.BBB.CCC.DDD to AAA.BBB.CCC.DDD on interface outside
Log 15: Jan 28 12:27:24 [127.0.0.1] %PIX-4-400010: IDS:2000 ICMP echo reply from AAA.BBB.CCC.DDD to AAA.BBB.CCC.DDD on interface outside
Log 16: Feb 02 09:12:54 [127.0.0.1] %PIX-1-104002: (P) Switching to STANDBY
Log 17: Feb 02 15:30:54 [127.0.0.1] %PIX-1-105032: Failover LAN interface is DOWN
Log 18: Feb 01 12:44:54 [127.0.0.1] %PIX-1-101003: (Secondary) Failover cable not connected (this unit)
Log 19: Feb 1 04:06:19 HOST_SYSLOG Jan 31 2007 21:09:06 HOST_PIX : %PIX-3-106011: Deny inbound (No xlate) udp src inside:AAA.BBB.CCC.DDD/3066 dst inside:AAA.BBB.CCC.DDD/161
Log 20: Feb 1 04:06:19 HOST_SYSLOG Jan 31 2007 21:09:06 HOST_PIX : %PIX-6-110001: No route to AAA.BBB.CCC.DDD from AAA.BBB.CCC.DDD
Log 21: Feb 1 04:06:21 HOST_SYSLOG Jan 31 2007 21:09:08 HOST_PIX : %PIX-3-106011: Deny inbound (No xlate) udp src inside:AAA.BBB.CCC.DDD/3066 dst inside:AAA.BBB.CCC.DDD/161
Log 22: Feb 1 04:06:26 HOST_SYSLOG Jan 31 2007 21:09:14 HOST_PIX : %PIX-2-106001: Inbound TCP connection denied from AAA.BBB.CCC.DDD/2496 to AAA.BBB.CCC.DDD/139 flags SYN on interface outside
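The lines above define, by example, the two syslog shapes SnortALog expects from a PIX (a relay prefix such as `[127.0.0.1]` or `HOST_SYSLOG ... HOST_PIX :`, then `%PIX-<severity>-<message id>:` and the message body). The parser below is an added example written for this page, not SnortALog's own Perl code: it anchors on the `%PIX-` token, dispatches on the six-digit message id, extracts the fields of the deny messages shown here (106023, 106011, 106016, 106001), and rolls the result up into the kind of per-message-id and per-denied-port counts a log analyser reports. The regexes and field names are this example's own assumptions; the sample lines are copied from the list above, including the page's `AAA.BBB.CCC.DDD` address placeholders.

```python
import re
from collections import Counter

# Sample input copied from the page's "Expected CISCO PIX logs" list
# (the AAA.BBB.CCC.DDD placeholders are the page's own, not real addresses).
SAMPLE_LOGS = [
    'Jan 26 14:07:01 [127.0.0.1] Jan 26 2004 13:54:28: %PIX-4-106023: Deny icmp src outside:AAA.BBB.CCC.DDD dst DMZ:AAA.BBB.CCC.DDD (type 8, code 0) by access-group "outside"',
    'Jan 26 14:07:01 [127.0.0.1] Jan 26 2004 13:54:29: %PIX-4-106023: Deny tcp src outside:AAA.BBB.CCC.DDD/4564 dst DMZ:AAA.BBB.CCC.DDD/135 by access-group "outside"',
    'Jan 26 14:07:28 [127.0.0.1] Jan 26 2004 13:54:55: %PIX-4-106023: Deny udp src DMZ:AAA.BBB.CCC.DDD/123 dst outside:AAA.BBB.CCC.DDD/123 by access-group "dmzTOoutside"',
    'Jan 28 12:23:15 [127.0.0.1] %PIX-2-106016: Deny IP spoof from (127.0.0.1) to AAA.BBB.CCC.DDD on interface outside',
    'Jan 28 12:23:58 [127.0.0.1] %PIX-4-106023: Deny tcp src outside:AAA.BBB.CCC.DDD/59148 dst DMZ:AAA.BBB.CCC.DDD/135 by access-group "outside"',
    'Feb 1 04:06:19 HOST_SYSLOG Jan 31 2007 21:09:06 HOST_PIX : %PIX-3-106011: Deny inbound (No xlate) udp src inside:AAA.BBB.CCC.DDD/3066 dst inside:AAA.BBB.CCC.DDD/161',
    'Feb 1 04:06:26 HOST_SYSLOG Jan 31 2007 21:09:14 HOST_PIX : %PIX-2-106001: Inbound TCP connection denied from AAA.BBB.CCC.DDD/2496 to AAA.BBB.CCC.DDD/139 flags SYN on interface outside',
    'Feb 02 15:30:54 [127.0.0.1] %PIX-1-105032: Failover LAN interface is DOWN',
]

# Both relay prefixes seen on the page end at the %PIX- token, so the header
# is located with a search rather than by matching the prefix itself.
HEADER_RE = re.compile(r'%PIX-(?P<severity>\d)-(?P<msg_id>\d{6}):\s+(?P<body>.*)$')

# Hypothetical per-message-id body patterns for the deny messages on the page.
# Address fields use [^/ ]+ so the page's letter placeholders parse too.
BODY_PATTERNS = {
    # 106023: ACL deny; port suffixes are absent for icmp, which carries type/code instead
    '106023': re.compile(
        r'Deny (?P<proto>\w+) src (?P<src_if>\w+):(?P<src_ip>[^/ ]+)(?:/(?P<src_port>\d+))?'
        r' dst (?P<dst_if>\w+):(?P<dst_ip>[^/ ]+)(?:/(?P<dst_port>\d+))?'
        r'(?: \(type (?P<icmp_type>\d+), code (?P<icmp_code>\d+)\))?'
        r' by access-group "(?P<acl>[^"]+)"'),
    # 106011: inbound deny because no translation (xlate) exists
    '106011': re.compile(
        r'Deny inbound \(No xlate\) (?P<proto>\w+) src (?P<src_if>\w+):(?P<src_ip>[^/ ]+)/(?P<src_port>\d+)'
        r' dst (?P<dst_if>\w+):(?P<dst_ip>[^/ ]+)/(?P<dst_port>\d+)'),
    # 106016: anti-spoofing deny; the spoofed source is in parentheses
    '106016': re.compile(
        r'Deny IP spoof from \((?P<src_ip>[^)]+)\) to (?P<dst_ip>\S+) on interface (?P<interface>\w+)'),
    # 106001: inbound TCP deny with the TCP flags that were set
    '106001': re.compile(
        r'Inbound (?P<proto>\w+) connection denied from (?P<src_ip>[^/ ]+)/(?P<src_port>\d+)'
        r' to (?P<dst_ip>[^/ ]+)/(?P<dst_port>\d+) flags (?P<flags>.+?) on interface (?P<interface>\w+)'),
}

DENY_IDS = set(BODY_PATTERNS)


def parse_pix_line(line):
    """Return a dict for a PIX syslog line, or None if the line carries no %PIX- header.

    Message ids without a body pattern (e.g. the failover messages) still yield
    severity, msg_id and the raw body, so nothing is silently dropped.
    """
    m = HEADER_RE.search(line)
    if not m:
        return None
    event = {
        'severity': int(m.group('severity')),
        'msg_id': m.group('msg_id'),
        'body': m.group('body'),
    }
    pattern = BODY_PATTERNS.get(event['msg_id'])
    if pattern:
        bm = pattern.match(event['body'])
        if bm:
            # keep only the groups that actually matched (no src_port for icmp, etc.)
            event.update({k: v for k, v in bm.groupdict().items() if v is not None})
    return event


def summarize(lines):
    """Count events per message id and denied flows per (proto, destination port)."""
    by_msg_id = Counter()
    denied_dst_ports = Counter()
    for line in lines:
        ev = parse_pix_line(line)
        if ev is None:
            continue
        by_msg_id[ev['msg_id']] += 1
        if ev['msg_id'] in DENY_IDS and 'dst_port' in ev:
            denied_dst_ports[(ev['proto'].lower(), int(ev['dst_port']))] += 1
    return {'by_msg_id': by_msg_id, 'denied_dst_ports': denied_dst_ports}


if __name__ == '__main__':
    report = summarize(SAMPLE_LOGS)
    for msg_id, n in sorted(report['by_msg_id'].items()):
        print(f'{msg_id}: {n}')
    for (proto, port), n in report['denied_dst_ports'].most_common():
        print(f'denied {proto}/{port}: {n}')
```

On the eight sample lines the summary reports two denies to tcp/135 and one each to udp/123, udp/161 and tcp/139; the icmp deny is counted under 106023 but carries no destination port, and the 105032 failover message is kept with its raw body only. Real feeds will contain message ids not covered here, so a production parser should treat an unmatched body as a counted, not discarded, event exactly as this one does.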

powered by Jérémy Chartier
© SnortALog 2000-2011