From OSSEC Wiki
Cisco IOS Samples
- Access list (full timestamp and message id):
Jul 10 16:07:14 cisco2621 636: .Jul 10 15:58:56.590 EDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.6.56(3067) -> 172.36.4.7(139), 1 packet
123: May 3 05:15:25.217 UTC: %SEC-6-IPACCESSLOGP: list 199 permitted tcp 10.0.40.16(3059) -> 10.0.4.101(1060), 2 packets
124: May 3 05:15:27.302 UTC: %SEC-6-IPACCESSLOGP: list 199 permitted tcp 10.0.16.16(2179) -> 10.0.4.101(1060), 1 packet
125: May 3 05:15:40.362 UTC: %SEC-6-IPACCESSLOGP: list 199 permitted tcp 10.0.32.16(4206) -> 10.0.4.101(1060), 2 packets
126: May 3 05:15:42.790 UTC: %SEC-6-IPACCESSLOGP: list 199 permitted tcp 10.131.5.17(3737) -> 10.0.4.101(445), 1 packet
127: May 3 05:23:33.404 UTC: %SEC-6-IPACCESSLOGP: list 199 denied tcp 10.0.61.108(1477) -> 10.0.127.20(445), 1 packet
128: May 3 05:23:34.416 UTC: %SEC-6-IPACCESSLOGP: list 199 denied tcp 10.0.61.108(1469) -> 10.0.127.12(445), 1 packet
129: May 3 05:23:35.524 UTC: %SEC-6-IPACCESSLOGP: list 199 denied tcp 10.0.61.108(1473) -> 10.0.127.16(445), 1 packet
130: May 3 05:23:36.528 UTC: %SEC-6-IPACCESSLOGP: list 199 denied tcp 10.0.61.108(1478) -> 10.0.127.21(445), 1 packet
131: May 3 05:23:37.528 UTC: %SEC-6-IPACCESSLOGP: list 199 denied tcp 10.0.61.108(1496) -> 10.0.127.39(445), 1 packet
132: May 3 05:23:38.540 UTC: %SEC-6-IPACCESSLOGP: list 199 denied tcp 10.0.61.108(1484) -> 10.0.127.27(445), 1 packet
4872: Dec 11 08:02:53.887 pst: %SEC-6-IPACCESSLOGP: list 100 denied udp 200.174.153.126(1028) -> 66.81.85.65(137), 1 packet
4873: Dec 11 08:03:09.583 pst: %SEC-6-IPACCESSLOGP: list 100 denied udp 195.23.72.148(1026) -> 66.81.85.65(137), 1 packet
- Configured:
Jun 12 14:22:25 site1 1348: .Jun 12 18:22:22 UTC: %SYS-5-CONFIG_I: Configured from 127.0.0.21 by snmp