Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|
Catch All : Level 3 |
Base Rule |
General Operations |
Other Operations |
|
PIX-1-101001 : Healthy Failover Cable |
Sub Rule |
Healthy Failover Cable |
Information |
|
PIX-1-101002 : Bad Failover Cable |
Sub Rule |
Bad Failover Cable |
Error |
|
PIX-1-101003 : Failover Cable Is Disconnected |
Sub Rule |
Failover Cable Is Disconnected |
Error |
|
PIX-1-101004 : Failover Cable Is Disconnected |
Sub Rule |
Failover Cable Is Disconnected |
Error |
|
PIX-1-101005 : Err Obtaining Failover Cable Status |
Sub Rule |
Error Obtaining Failover Cable Status |
Error |
|
PIX-1-105020 : Configuration Replication Error |
Sub Rule |
Configuration Replication Error |
Error |
|
PIX-1-105006 : Network Link Status Is Up |
Sub Rule |
Network Link Status Is Up |
Information |
|
PIX-1-105031 : Network Link Status Is Up |
Sub Rule |
Network Link Status Is Up |
Information |
|
PIX-1-105007 : Network Link Status Is Down |
Sub Rule |
Network Link Status Is Down |
Error |
|
PIX-1-105032 : Network Link Status Is Down |
Sub Rule |
Network Link Status Is Down |
Error |
|
General Cisco PIX Error (Severity 3) |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-109016 : Cannot Find Authorization ACL |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-109018 : Downloaded ACL Acl_ID Is Empty |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-109019 : Downloaded ACL Acl_ID Has Parsing Error |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-109020 : Downloaded ACL Has Config Error |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-210006 : LU Look NAT For IP_Address Failed |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-702302 : Replay Rollover Detected |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-201002 : Too Many Conn on Global_Address |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-407002 : Embryonic Limit Neconns/Elimit |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-318007 : OSPF Is Enabled on Interface_Name |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-318008 : OSPF Proc Number Is Chng Router-Id |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-403503 : PPPoE:PPP Link Down |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-403504 : No Vpdn Group For PPPoE Is Created |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-403505d : Unable to Set Default Route |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-403506 : PPPoE:Failed to Assign PPP IPaddress |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-317004 : IP Routing Table Limit Warning |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-317005 : IP Routing Table Limit Exceeded |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-318001 : Internal Error |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-318002 : Flagged as an ABR W/O A Backbone |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-318003 : Unknown State in Neighbor State |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-318006 : If Interface_Name If_State Number |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-213002 : PPTP Tunnel Hashtable Insert Failed |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-213003 : Software Error |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-302019 : H.323 ASN Library Fail to Initialize |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-317001 : No Memory Available For Limit_Slow |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-317002 : Bad Path Index Number For IP_Address |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-317003 : IP Routing Table Creation Failure |
Sub Rule |
General Cisco Error (Severity 3) |
Error |
|
PIX-3-209001 : IPFRAG : Unable to Alloc Frag Record |
Sub Rule |
IPFRAG: Unable to Allocate Frag Record |
Error |
|
PIX-6-602301 : SA Created |
Sub Rule |
SA Created |
Warning |
|
PIX-4-308002 : Static Netmask Overlapped |
Sub Rule |
Static Netmask Overlapped |
Warning |
|
PIX-3-109010 : Authentication Server Unable |
Sub Rule |
Authentication Server Unable to Process Request |
Error |
|
PIX-6-302009 : Rebuilt TCP Connection Id |
Sub Rule |
Rebuilt TCP Connection ID |
Network Traffic |
|
PIX-3-309001 : Denied Connection to Management Port |
Sub Rule |
Denied Connection to Management Port |
Failed Activity |
|
PIX-6-302002 : Teardown TCP Connection Id |
Sub Rule |
Connection Teardown |
Network Traffic |
|
PIX-6-302006 : Teardown UDP Connection |
Sub Rule |
Connection Teardown |
Network Traffic |
|
PIX-6-302001 : Built TCP Connection Id |
Sub Rule |
Built TCP Connection ID |
Network Traffic |
|
PIX-6-305002 : Translation Built |
Sub Rule |
Translation Built |
Network Traffic |
|
PIX-6-311002 : LU Loading Standby End |
Sub Rule |
LU Loading Standby End |
Information |
|
PIX-1-103001 : Unable to Communicate With Failover |
Sub Rule |
Unable to Communicate With Failover Device |
Error |
|
PIX-1-105005 : Unable to Communicate with Failover |
Sub Rule |
Unable to Communicate With Failover Device |
Error |
|
PIX-1-105011 : Unable to Communicate With Failover |
Sub Rule |
Unable to Communicate With Failover Device |
Error |
|
PIX-1-105035 : Unable to Communicate With Failover |
Sub Rule |
Unable to Communicate With Failover Device |
Error |
|
PIX-1-103003 : Bad Failover Device NIC |
Sub Rule |
Bad Failover Device NIC |
Error |
|
PIX-1-105002 : Failover Enabled |
Sub Rule |
Failover Enabled |
Information |
|
PIX-1-105004 : Failover Communications Test Passed |
Sub Rule |
Failover Communications Test Passed |
Information |
|
PIX-4-403101 : PPTP Session State Not Established |
Sub Rule |
Session Information |
Information |
|
PIX-3-212002 : Unable to Open SNMP Trap Channel |
Sub Rule |
Unable to Open SNMP Trap Channel (UDP Port) |
Error |
|
PIX-3-203001 : ESP Error: No Key SPI |
Sub Rule |
ESP Error: No Key SPI |
Error |
|
PIX-3-305005 : No Translation Group Found |
Sub Rule |
No Translation Group Found For Protocol |
Error |
|
PIX-6-109003 : Unable to Communicate With Authentic |
Sub Rule |
Unable to Communicate With Authentication Server |
Error |
|
PIX-6-109002 : Unable to Communicate With Authentic |
Sub Rule |
Unable to Communicate With Authentication Server |
Error |
|
PIX-3-212001 : Unable to Open SNMP Channel |
Sub Rule |
Unable to Open SNMP Channel (UDP Port) |
Error |
|
PIX-7-702303 : SA Request |
Sub Rule |
SA Request |
Other Audit |
|
PIX-3-210010 : LU Make UDP Connection Failed |
Sub Rule |
LU Make UDP Connection Failed |
Error |
|
PIX-6-305004 : Teardown Portmap Translation |
Sub Rule |
Teardown Portmap Translation |
Information |
|
PIX-3-110002 : No ARP For Host |
Sub Rule |
No ARP For Host |
Error |
|
PIX-7-709006 : End Configuration Replication (STB) |
Sub Rule |
End Configuration Replication (STB) |
Information |
|
PIX-4-402103 : ID Does Not Match Negotiated ID |
Sub Rule |
IPSec Identity Doesn't Match Negotiated Identity |
Warning |
|
PIX-6-199003 : Reducing Link MTU |
Sub Rule |
Reducing Link MTU Dec. |
Information |
|
PIX-3-210001 : LU SW Module Error |
Sub Rule |
Statefull Failover |
Warning |
|
PIX-3-210007 : Trans Slot Alloc Failure |
Sub Rule |
Translation Slot Allocation Failure |
Error |
|
PIX-3-212005 : Incoming SNMP Exceeds Buffer |
Sub Rule |
Incoming SNMP Request Exceeds Data Buffer |
Warning |
|
PIX-3-213004 : IP Allocation Failure |
Sub Rule |
IP Address Allocation Failure |
Error |
|
PIX-3-305008 : Free Unallocated Global IP Address |
Sub Rule |
Free Unallocated Global IP Address |
Warning |
|
PIX-6-603101 : PPTP Rx Bad Sequence |
Sub Rule |
Duplicate Or Out of Sequence PPTP Packet Rec |
Network Traffic |
|
PIX-6-604104 : Daemon Address Released |
Sub Rule |
DHCP Address Released |
Information |
|
ASA-1-105043 : Failover Interface Fail |
Sub Rule |
Cannot Failover |
Error |
|
ASA-1-713900 : Unable to Construct XAuth Message |
Sub Rule |
Authentication Error |
Error |
|
PIX-5-109011 : Authentication Session Started |
Sub Rule |
Authentication Activity |
Authentication Success |
|
PIX-6-109001 : Authentication Request |
Sub Rule |
Authentication Activity |
Authentication Success |
|
PIX-5-109012 : Authentication Session Ended |
Sub Rule |
Authentication Activity |
Authentication Success |
|
PIX-6-109006 : Failed Remote Authentication |
Sub Rule |
User Logon Failure |
Authentication Failure |
|
PIX-6-307003 : Telnet Login Session Failed |
Sub Rule |
User Logon Failure |
Authentication Failure |
|
PIX-3-307001 : Denied Telnet Login Session |
Sub Rule |
User Logon Failure |
Authentication Failure |
|
PIX-5-111001 : Begin Config Writing to Device |
Sub Rule |
Configuration Enabled : Network Access |
Configuration |
|
PIX-5-111003 : Erase Configuration |
Sub Rule |
Configuration Deleted : Network Access |
Configuration |
|
PIX-6-109009 : Failed Authorization Request |
Sub Rule |
Authentication Failure Activity |
Authentication Failure |
|
PIX-6-109008 : Failed Authorization Request |
Sub Rule |
Authentication Failure Activity |
Authentication Failure |
|
PIX-7-109014 : Uauth_Lookup Failed |
Sub Rule |
Authentication Failure Activity |
Authentication Failure |
|
General Cisco PIX Alert (Severity 1) |
Sub Rule |
General Cisco Alert (Severity 1) |
Critical |
|
PIX-1-105034 : Rx LAN_FAILOVER_UP Msg From Peer |
Sub Rule |
General Cisco Alert (Severity 1) |
Critical |
|
PIX-1-105036 : Dropped A LAN Failover Cmd Msg |
Sub Rule |
General Cisco Alert (Severity 1) |
Critical |
|
PIX-1-105037 : Primary and Standby Units Switching |
Sub Rule |
General Cisco Alert (Severity 1) |
Critical |
|
PIX-1-709003 : Beginning Configuration Replication |
Sub Rule |
General Cisco Alert (Severity 1) |
Critical |
|
PIX-1-709004 : End Configuration Replication |
Sub Rule |
General Cisco Alert (Severity 1) |
Critical |
|
PIX-1-106101 : Denied Net Flows Cache Limit Reached |
Sub Rule |
Denied Network Flows Cache Limit Reached |
Warning |
|
PIX-1-102001 : Power Failure Detected in Other Device |
Sub Rule |
Power Failure Detected in Other Failover Device |
Error |
|
PIX-3-210003 : Unknown LU Object |
Sub Rule |
Power Failure Detected in Other Failover Device |
Error |
|
PIX-1-103002 : Healthy Failover Device NIC |
Sub Rule |
Healthy Failover Device NIC |
Information |
|
PIX-1-103004 : Failover Device Reporting Other Devi |
Sub Rule |
Failover Device Reporting Other Device Failure |
Critical |
|
PIX-1-105001 : Failover Disabled |
Sub Rule |
Failover Disabled |
Warning |
|
PIX-1-105003 : Testing Failover Communications |
Sub Rule |
Testing Failover Communications |
Information |
|
PIX-1-105008 : Testing Failover Communications |
Sub Rule |
Testing Failover Communications |
Information |
|
PIX-6-199002 : PIX Startup Completed |
Sub Rule |
Process/Service Started |
Startup and Shutdown |
|
PIX-5-199002 : Startup Completed |
Sub Rule |
Process/Service Started |
Startup and Shutdown |
|
PIX-6-305007 : Orphan IP on Interface |
Sub Rule |
Orphan IP on Interface |
Information |
|
PIX-3-202004 : Couldn’t Find |
Sub Rule |
Couldn't Find |
Error |
|
PIX-3-202003 : Could Not Find Xlate Getaddress |
Sub Rule |
Couldn't Find |
Error |
|
PIX-3-702301 : Lifetime Expiring |
Sub Rule |
Lifetime Expiring |
Information |
|
PIX-7-702301 : Lifetime Expiring |
Sub Rule |
Lifetime Expiring |
Information |
|
PIX-7-702302 : Replay Rollover Detected |
Sub Rule |
Replay Rollover Detected |
Information |
|
PIX-6-602102 : Adjusting IPSec Tunnel MTU |
Sub Rule |
Adjusting IPSec Tunnel MTU |
Information |
|
PIX-2-304008 : Leaving Allow Mode |
Sub Rule |
Leaving Allow Mode, URL Server Is Up |
Warning |
|
PIX-3-304008 : Leaving Allow Mode, URL Server Is Up |
Sub Rule |
Leaving Allow Mode, URL Server Is Up |
Warning |
|
PIX-6-602302 : Deleting SA |
Sub Rule |
Deleting SA |
Warning |
|
PIX-3-202005 : Non-Embryonic in Embryonic List |
Sub Rule |
Non-Embryonic in Embryonic List |
Error |
|
PIX-4-402102 : Decapsulate: Packet Missing |
Sub Rule |
Decapsulate: Packet Missing |
Warning |
|
PIX-2-106003 : Denied Connection Due to JAVA Applet |
Sub Rule |
Denied Connection Due to JAVA Applet |
Failed Activity |
|
PIX-7-709001 : FO Replication Failed |
Sub Rule |
FO Replication Failed |
Information |
|
PIX-6-305001 : Portmapped Translation Built |
Sub Rule |
Portmapped Translation Built |
Other Operations |
|
PIX-6-304004 : URL Server Request Failed |
Sub Rule |
URL Server Request Failed |
Error |
|
PIX-2-110003 : No Interface Is Config (With Nameif) |
Sub Rule |
No Interface Is Configured (With Nameif) |
Information |
|
PIX-3-210002 : LU Allocate Block Failed |
Sub Rule |
Failover Message Block Allocation Failed |
Error |
|
PIX-3-105010 : Failover Message Block Alloc Failed |
Sub Rule |
Failover Message Block Allocation Failed |
Error |
|
PIX-1-105010 : Failover Msg Block Alloc Failed |
Sub Rule |
Failover Message Block Allocation Failed |
Error |
|
PIX-7-304005 : URL Server Request Pending |
Sub Rule |
URL Server Request Pending |
Information |
|
PIX-3-201005 : FTP Data Connection Failed |
Sub Rule |
FTP Data Connection Failed |
Error |
|
PIX-3-304006 : URL Server Not Responding |
Sub Rule |
URL Server Not Responding |
Error |
|
PIX-3-208005 : Clear Command Return Code |
Sub Rule |
Clear Command Return Code |
Warning |
|
PIX-3-210005 : LU Connection Allocation Failed |
Sub Rule |
Failover Connection Allocation Failure |
Warning |
|
PIX-3-213001 : TCP Socket Error |
Sub Rule |
TCP Socket I/O Error |
Error |
|
PIX-3-302302 : IPSec Proxy Mismatch |
Sub Rule |
IPSec Proxy Mismatch |
Warning |
|
PIX-6-604102 : DHCP Client Address Released |
Sub Rule |
DHCP Client Address Released |
Information |
|
PIX-6-605002 : HTTP Daemon Conn Limit Exceeded |
Sub Rule |
HTTP Daemon Connection Limit Exceeded |
Warning |
|
PIX-6-302010 : Conns in Use, Conns Most Used |
Sub Rule |
Connection Information |
Information |
|
PIX-6-307002 : Permitted Telnet Login Session |
Sub Rule |
User Logon |
Authentication Success |
|
PIX-6-109005 : Remote Authentication |
Sub Rule |
User Logon |
Authentication Success |
|
PIX-5-111006 : Console Login From User |
Sub Rule |
User Logon |
Authentication Success |
|
PIX-2-112001 : Pix Clear Finished |
Sub Rule |
Configuration Modified : Network Access |
Configuration |
|
PIX-5-111005 : End Configuration: OK |
Sub Rule |
Configuration Modified : Network Access |
Configuration |
|
PIX-5-111004 : End Configuration |
Sub Rule |
Configuration Modified : Network Access |
Configuration |
|
PIX-5-111007 : Begin Config: Reading From Device |
Sub Rule |
Configuration Loaded : Network Access |
Configuration |
|
PIX-3-209002 : IPFRAG: First Frag Not Been Seen |
Sub Rule |
IPFRAG: First Frag Have Not Been Seen |
Warning |
|
PIX-6-305003 : Teardown Translation |
Sub Rule |
Translation Teardown |
Network Traffic |
|
PIX-6-210022 : LU Missed Number Updates |
Sub Rule |
LU Missed Number Updates |
Information |
|
PIX-6-302004 : Pre-Allocate H323 UDP Backconnection |
Sub Rule |
Pre-Allocate H323 Backconnection |
Information |
|
PIX-2-108002 : Replaced Invalid Characters in Email |
Sub Rule |
Replaced Invalid Characters in Email Address |
Warning |
|
PIX-6-302005 : Built UDP Connection |
Sub Rule |
Built UDP Connection |
Network Traffic |
|
PIX-4-402101 : Decapsulate: Rx IPSEC Packet |
Sub Rule |
Decapsulate: Rec'd IPSEC Packet Has Invalid SPI |
Warning |
|
PIX-4-402106 : Rx Packet Not an IPSEC Packet |
Sub Rule |
Rec'd Packet Not an IPSEC Packet |
Warning |
|
PIX-6-311003 : LU Rx Thread Up |
Sub Rule |
LU Recv Thread Up |
Information |
|
PIX-6-303002 : Address Stored Or Retrieved |
Sub Rule |
Address Stored Or Retrieved |
Information |
|
PIX-6-311004 : LU Xmit Thread Up |
Sub Rule |
LU Xmit Thread Up |
Information |
|
PIX-6-311001 : LU Loading Standby Start |
Sub Rule |
LU Loading Standby Start |
Information |
|
PIX-3-210020 : LU PAT Port Reserve Failure |
Sub Rule |
Pat Port Allocation Failure |
Warning |
|
PIX-3-210021 : Translation Slot Creation Failure |
Sub Rule |
Translation Slot Creation Failure |
Warning |
|
PIX-3-211001 : Memory Allocation Failure |
Sub Rule |
Memory Allocation Failure |
Error |
|
PIX-3-212003 : Unable to Receive SNMP Request |
Sub Rule |
Unable to Receive SNMP Request |
Warning |
|
PIX-6-109007 : Successful Authorization Request |
Sub Rule |
Access Granted Activity |
Access Granted |
|
PIX-2-106017 : Dropped Packet Due to Land Attack |
Sub Rule |
Failed Host Denial of Service |
Failed Denial of Service |
|
PIX-6-106015 : Dropped Non-Stateful TCP Traffic |
Sub Rule |
Failed Protocol Anomaly |
Failed Attack |
|
PIX-1-103005 : Failover Device Reporting Failure |
Sub Rule |
Failover Device Reporting Failure |
Critical |
|
PIX-1-104001 : Failover Devices Have Switched Roles |
Sub Rule |
Failover Devices Have Switched Roles |
Warning |
|
PIX-1-104002 : Failover Devices Have Switched Roles |
Sub Rule |
Failover Devices Have Switched Roles |
Warning |
|
PIX-1-104003 : Primary Or Secondary Failover Device |
Sub Rule |
Primary Or Secondary Failover Device Has Failed |
Critical |
|
PIX-1-104004 : Previously Failed Device Back Online |
Sub Rule |
Previously Failed Device Back Online |
Warning |
|
PIX-5-304001 : Accessed URL |
Sub Rule |
Object Accessed |
Access Success |
|
PIX-3-305006 : Type Translation Creation Failed |
Sub Rule |
Type Translation Creation Failed For Protocol |
Error |
|
PIX-7-701001 : Alloc_User Out of Tcp User Objects |
Sub Rule |
Alloc_user() Out of TCP User Objects |
Information |
|
PIX-3-210008 : LU No Xlate |
Sub Rule |
LU No Xlate |
Error |
|
PIX-7-709002 : FO Unreplicable |
Sub Rule |
FO Unreplicable |
Information |
|
PIX-3-201006 : RCMD Backconnection Failed |
Sub Rule |
RCMD Backconnection Failed |
Error |
|
PIX-3-212004 : Unable to Send an SNMP Response |
Sub Rule |
Unable to Send an SNMP Response |
Error |
|
PIX-6-602101 : PMTU-D Packet Greater Than Effective |
Sub Rule |
PMTU-D Packet Greater Than Effective MTU |
Warning |
|
PIX-3-304007 : Server Not Responding |
Sub Rule |
Server Not Responding |
Critical |
|
PIX-6-309002 : Permitted Conn to Management Port |
Sub Rule |
Permitted Connection to Management Port |
Activity |
|
PIX-3-201007 : Unable to Alloc New UDP Connection |
Sub Rule |
Unable to Allocate New UDP Connections |
Error |
|
PIX-3-202002 : Getxlate Failed |
Sub Rule |
Getxlate Failed |
Error |
|
PIX-1-105009 : Testing on Interface |
Sub Rule |
Testing on Interface |
Warning |
|
PIX-3-201008 : Disallowing New Connections |
Sub Rule |
Disallowing New Connections |
Warning |
|
PIX-3-315004 : Fail to Establish SSH Session HKRF |
Sub Rule |
Failed to Establish SSH Session |
Warning |
|
PIX-4-403103 : PPP VI Max Conn Reached |
Sub Rule |
PPP Virtual Interface Max Connections Reached |
Warning |
|
PIX-6-302003 : Built H245 Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
ASA-6-720040 : VPN Client Failover Standby State |
Sub Rule |
System in Standby Mode |
Information |
|
PIX-5-304002 : Denied Access to URL |
Sub Rule |
Access Object Failure |
Access Failure |
|
ASA-1-105042 : Failover Interface Ok |
Sub Rule |
Failover |
Error |
|
PIX-6-308001 : Cisco PIX Console Bad Enable Password |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-4-403102 : PPP VI Rx Pkt With Inv Port |
Sub Rule |
Suspicious Activity |
Suspicious |
|
General Cisco PIX Warning (Severity 4) |
Sub Rule |
General Cisco Warning (Severity 4) |
Warning |
|
PIX-4-403104 : MS-CHAP Not Configured |
Sub Rule |
General Cisco Warning (Severity 4) |
Warning |
|
PIX-4-403106 : Radius Authentication Not Configured |
Sub Rule |
General Cisco Warning (Severity 4) |
Warning |
|
PIX-4-403107 : AAA Server Config Info Not Found |
Sub Rule |
General Cisco Warning (Severity 4) |
Warning |
|
PIX-4-403108 : PPP Virtual Intrf Missing Client IP |
Sub Rule |
General Cisco Warning (Severity 4) |
Warning |
|
PIX-2-106002 : Denied Conn Due to Outbound ACL |
Sub Rule |
General Cisco Warning (Severity 4) |
Warning |
|
General Cisco PIX Notification (Severity 5) |
Sub Rule |
General Cisco Notification (Severity 5) |
Information |
|
General Cisco PIX Information (Severity 6) |
Sub Rule |
General Cisco Information (Severity 6) |
Information |
|
General Cisco PIX Debug (Severity 7) |
Sub Rule |
General Cisco Debug |
Information |
|
PIX-6-199005 : PIX Startup Begin |
Sub Rule |
Process/Service Starting |
Startup and Shutdown |
|
ASA-6-720039 : VPN Client Failover Active State |
Sub Rule |
Set Client Active |
Information |
|
PIX-3-109013 : Attempt to Use Service Before Auth |
Sub Rule |
Failed Suspicious Host Activity |
Failed Suspicious |
|
PIX-1-709005 : Beginning Configuration Replication |
Sub Rule |
General Cisco Alert (Severity 1) |
Critical |
|
PIX-1-709006 : End Configuration Replication (STB) |
Sub Rule |
General Cisco Alert (Severity 1) |
Critical |
|
General Cisco PIX Emergency (Severity 0) |
Sub Rule |
General Cisco Emergency |
Critical |
|
PIX-5-199001 : PIX Reload Command Executed |
Sub Rule |
Command Executed |
Access Success |
|
PIX-5-111008 : User Executed the Chars Command |
Sub Rule |
Command Executed |
Access Success |
|
PIX-4-733100 : Scanning Drop Rate Exceeded |
Sub Rule |
General Attack Activity |
Attack |
|
PIX-4-401001 : Shuns Cleared |
Sub Rule |
General Warning |
Warning |
|
General Cisco PIX Critical Event (Severity 2) |
Sub Rule |
General Cisco Critical Event (Severity 2) |
Critical |
|
PIX-2-214001 : Terminating Manager Session |
Sub Rule |
General Cisco Critical Event (Severity 2) |
Critical |
|
PIX-2-304009 : Ran Out of Buffer Blocks |
Sub Rule |
General Cisco Critical Event (Severity 2) |
Critical |
|
PIX-2-709007 : Configuration Replication Failed |
Sub Rule |
General Cisco Critical Event (Severity 2) |
Critical |
|
PIX-2-215001 : Bad Route_Compress Call |
Sub Rule |
General Cisco Critical Event (Severity 2) |
Critical |
|
PIX-3-202001 : Out of Add Trans Slots |
Sub Rule |
IP Network Address Translation Error |
Error |
|
PIX-3-211003 : High CPU Usage |
Sub Rule |
CPU Monitor Warning |
Warning |
|
PIX-2-201003 : Embryonic Connection Limit Exceeded |
Sub Rule |
Network Denial of Service |
Denial of Service |
|
PIX-3-403501 : Denied Packet |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-3-403502 : Denied Packet |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-3-106011 : Deny Inbound Packet (No Xlate) |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-2-106007 : Denied Inbound UDP Packet Due to DNS |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-2-106008 : Denied Inbound Traffic |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-2-106002 : Denied Conn Due to Outbound ACL |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-2-106006 : Denied Inbound UDP Packet |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-3-106010 : Denied Inbound Traffic |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-2-106013 : Dropped Echo Request |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-2-106016 : Dropped Packet Due to IP Spoof |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
BPDU Denied |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-2-106018 : Denied Outbound ICMP Packet |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-3-106014 : Denied Inbound ICMP Packet |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-2-106009 : Denied Outbound Traffic |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-2-106012 : Dropped Packet Having IP Options |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-2-106001 : Denied Inbound TCP Connection |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-7-106011 : Deny Inbound Packet (No Xlate) |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<vmid> |
Number |
|
N/A |
<vendorinfo> |
Text/String |
|
N/A |
<severity> |
Number |
|
N/A |
<login> |
Text/String |
|
N/A |
<reason> |
Text/String |
|
N/A |
<tag1> |
Number |
|
N/A |
<objecttype> |
Text/String |