
[ossec-list] Cisco log sample



I’m sorry, but I can’t locate the instructions to unlock editing for my wiki account. 

 

I’ve implemented syslog from one of my routers, and some packets are being blocked by its access control lists. OSSEC is emailing me at level 7, unknown problem somewhere in the system. I’m using regular syslog – I tried OSSEC syslog, but I could not find where it was storing the log after receiving and processing it. If OSSEC could receive syslog from multiple hosts, and store normal syslog files separated by host, I’d be chuffed; but I’m OK with using normal syslog for now. Here’s what the Cisco is sending:

 

Jul 10 16:07:14 cisco2621 636: .Jul 10 15:58:56.590 EDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.6.56(3067) -> 172.36.4.7(139), 1 packet

 

Please take this as a log sample, and thanks again for OSSEC.


--
Rick McClinton

Sr. Systems Engineer
Tel: (703) 564-5241
Fax: (703) 564-4415
Cell: (703) 380-4687
Email: rmcclinton@xxxxxxxxxxxxxxxx

TMA Resources, Inc
1919 Gallows Road, Ste #400 | Vienna, VA | 22182
http://www.tmaresources.com

 

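Added example, not part of the original message and not OSSEC's own decoder: a Python parser for the %SEC-6-IPACCESSLOGP line quoted in the post, splitting it into the fields a decoder or alert rule would key on. The function names are hypothetical and the surrounding syslog layout is assumed from that single sample line.

```python
import re
from collections import Counter

# The log line from the post above, used here as sample input.
SAMPLE = (
    "Jul 10 16:07:14 cisco2621 636: .Jul 10 15:58:56.590 EDT: "
    "%SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.6.56(3067) -> "
    "172.36.4.7(139), 1 packet"
)

# Layout assumed from the sample: syslogd time and host, IOS sequence
# number, IOS timestamp, then the ACL message itself. IOS prefixes its
# timestamp with '.' or '*' when the router clock is not authoritative
# or has lost NTP synchronisation, so the flag is captured separately.
ACL_RE = re.compile(
    r"^(?P<relay_time>\w{3}\s+\d+ \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<seq>\d+): "
    r"(?P<clock_flag>[.*]?)"
    r"(?P<device_time>\w{3}\s+\d+ \d\d:\d\d:\d\d(?:\.\d+)?)"
    r"(?: (?P<tz>\S+))?: "
    r"%SEC-(?P<severity>\d)-IPACCESSLOGP: "
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src_ip>[\d.]+)\((?P<src_port>\d+)\) -> "
    r"(?P<dst_ip>[\d.]+)\((?P<dst_port>\d+)\), "
    r"(?P<packets>\d+) packets?$"
)

def parse_acl_line(line):
    """Return the ACL log fields as a dict, or None if the line differs."""
    m = ACL_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    for key in ("seq", "severity", "src_port", "dst_port", "packets"):
        ev[key] = int(ev[key])
    # An empty flag means the device timestamp can be trusted.
    ev["clock_synced"] = ev.pop("clock_flag") == ""
    return ev

def denied_by_dst_port(lines):
    """Sum denied packets per (protocol, destination port) for triage."""
    counts = Counter()
    for line in lines:
        ev = parse_acl_line(line)
        if ev and ev["action"] == "denied":
            counts[(ev["proto"], ev["dst_port"])] += ev["packets"]
    return counts

if __name__ == "__main__":
    print(parse_acl_line(SAMPLE))
    print(denied_by_dst_port([SAMPLE, "Jul 10 16:07:15 host sshd[1]: ok"]))
```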



OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.