Re: [Wallfire-users] Using wflogs/cisco_pix for ip accounting

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Well, really a huuuge list. To get out the most with the least effort I
would suggest to start
with  PIX-6-302014 and PIX-6-302016 messages. This would allow for an
accounting of
TCP and UDP bytes of legitimate connections.

Just my 2 cents.

Friedhelm
----- Original Message -----
From: "Hervé Eychenne" <rv...@wa...>
To: "Friedhelm Duesterhoeft" <fd...@ms...>
Cc: <wal...@li...>
Sent: Monday, April 28, 2003 8:07 PM
Subject: Re: [Wallfire-users] Using wflogs/cisco_pix for ip accounting

> On Sun, Apr 27, 2003 at 11:31:44PM +0200, Friedhelm Duesterhoeft wrote:
>
>  Hi,
>
> > thanx for your reply. Please find attached some sample logs (only PIX-6
> > lines). I think the sample should include all sorts - at least all I'm
> > interested in at the moment ;-). At at first view there are not too many
> > variations so I hope it's not very hard for you to build the regexps
> > required.
>
> > It would be nice if you could include pix info level parsing in one of
the
> > next releases. Wflogs rocks - thanks alot for your efforts!
>
> Please have a look at
>
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63sysl
og/pixemsgs.htm
>
> As you can see, one can spend some time sorting out meaningful messages
> for wflogs...  :-/
> Friedhelm, if you (or someone else) want to gather all error messages
> that should be treated by wflogs, I would be glad to do the parsing as
> quickly as possible.
>
>  Hervé
>
> --
>  _
> (°=  Hervé Eychenne
> //)
> v_/_ WallFire project:  http://www.wallfire.org/
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Wallfire-users mailing list
> Wal...@li...
> https://lists.sourceforge.net/lists/listinfo/wallfire-users