CISCOFW106006_106007_106010 not matching
Opened this issue · 1 comments
anubisg1 commented
example log message:
```
<187>Apr 30 2013 09:23:40: %ASA-3-106010: Deny inbound sctp src INET:8.8.8.8/57997 dst INET:192.168.0.1/9000
```
The reason why it doesn't match is because `INET:` in front of the source and dst IP address isn't accounted for (which I believe is the firewall interface name).
Furthermore, `(?:(%{DATA:[destination][user][name]}))? (?:(?:on interface %{NOTSPACE:[observer][egress][interface][name]})|(?:due to %{CISCO_REASON:[event][reason]}))` is supposed to be fully optional, but it only matches up to `[destination][user][name]`.
Another failed match:
```
%ASA-3-106010: Deny inbound protocol 47 src INET:60.41.177.74 dst INET:217.111.247.78
```
anubisg1 commented
according to
106010
Error Message %ASA-3-106010: Deny inbound protocol src [interface_name : source_address/source_port ] [([idfw_user | FQDN_string ], sg_info )] dst [interface_name : dest_address /dest_port }[([idfw_user | FQDN_string ], sg_info )]
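A stand-alone Python regex that follows the 106010 format quoted above, treating the interface prefix, the port and the parenthesised user as optional, and run against the two log lines from this issue. It is an added illustration, not the project's grok pattern; the group names and `parse_106010` are hypothetical, and it handles IPv4 addresses only.

```python
import re


def _endpoint(prefix):
    """Regex for '[interface:]address[/port] [(user)]' with named groups.

    Group names are hypothetical; every part except the address is optional.
    """
    return (
        rf"(?:(?P<{prefix}_interface>[^\s:]+):)?"        # e.g. 'INET:'
        rf"(?P<{prefix}_ip>\d{{1,3}}(?:\.\d{{1,3}}){{3}})"  # IPv4 only
        rf"(?:/(?P<{prefix}_port>\d+))?"                  # absent for e.g. GRE
        rf"(?:\s*\((?P<{prefix}_user>[^)]*)\))?"          # '(idfw_user, sg_info)'
    )


ASA_106010 = re.compile(
    r"%ASA-3-106010: Deny inbound "
    # Either a protocol name ('sctp') or the literal 'protocol <number>'.
    r"(?:protocol (?P<protocol_number>\d+)|(?P<protocol>\S+)) "
    rf"src {_endpoint('src')} dst {_endpoint('dst')}\s*$"
)


def parse_106010(line):
    """Return the captured fields as a dict, or None if the line does not match."""
    match = ASA_106010.search(line)
    if match is None:
        return None
    # Drop optional groups that did not take part in the match.
    return {k: v for k, v in match.groupdict().items() if v is not None}


# The two log lines reported in this issue.
SAMPLES = [
    "<187>Apr 30 2013 09:23:40: %ASA-3-106010: Deny inbound sctp "
    "src INET:8.8.8.8/57997 dst INET:192.168.0.1/9000",
    "%ASA-3-106010: Deny inbound protocol 47 "
    "src INET:60.41.177.74 dst INET:217.111.247.78",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_106010(sample))
```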