From OSSEC Wiki
Full PIX log sample 1
Sep 7 06:25:17 PIXName %PIX-7-710005: UDP request discarded from 0.0.0.0/68 to outside:255.255.255.255/67
Sep 7 06:25:23 PIXName %PIX-7-710005: UDP request discarded from 1.1.1.1/137 to outside:1.1.1.255/137
Sep 7 06:25:23 PIXName %PIX-7-710005: UDP request discarded from 1.1.1.1/137 to outside:1.1.1.255/137
Sep 7 06:25:23 PIXName %PIX-7-710005: UDP request discarded from 1.1.1.1/137 to outside:1.1.1.255/137
Sep 7 06:25:24 PIXName %PIX-7-710005: UDP request discarded from 1.1.1.1/137 to outside:1.1.1.255/137
Sep 7 06:25:24 PIXName %PIX-7-710005: UDP request discarded from 1.1.1.1/137 to outside:1.1.1.255/137
Sep 7 06:25:24 PIXName %PIX-7-710005: UDP request discarded from 1.1.1.1/137 to outside:1.1.1.255/137
Sep 7 06:25:25 PIXName %PIX-7-710005: UDP request discarded from 1.1.1.1/137 to outside:1.1.1.255/137
Sep 7 06:25:25 PIXName %PIX-7-710005: UDP request discarded from 1.1.1.1/137 to outside:1.1.1.255/137
Sep 7 06:25:25 PIXName %PIX-7-710005: UDP request discarded from 1.1.1.1/137 to outside:1.1.1.255/137
Sep 7 06:25:28 PIXName %PIX-7-609001: Built local-host db:10.0.0.1
Sep 7 06:25:28 PIXName %PIX-6-302013: Built inbound TCP connection 141968 for db:10.0.0.1/60749 (10.0.0.1/60749) to NP Identity Ifc: 10.0.0.2/22 (10.0.0.2/22)
Sep 7 06:25:28 PIXName %PIX-7-710002: TCP access permitted from 10.0.0.1/60749 to db:10.0.0.2/ssh
Sep 7 06:26:20 PIXName %PIX-5-304001: 203.87.123.139 Accessed URL 10.0.0.10:/Home/index.cfm
Sep 7 06:26:20 PIXName %PIX-5-304001: 203.87.123.139 Accessed URL 10.0.0.10:/aboutus/volunteers.cfm
Sep 7 06:26:49 PIXName %PIX-4-106023: Deny udp src outside:204.16.208.49/58939 dst dmz:10.0.0.158/1026 by access-group "acl_outside" [0x0, 0x0]
Sep 7 06:26:49 PIXName %PIX-4-106023: Deny udp src outside: 204.16.208.49/58940 dst dmz:10.0.0.158/1027 by access-group "acl_outside" [0x0, 0x0]
Sep 7 06:31:26 PIXName %PIX-7-711002: Task ran for 330 msec, Process= ssh_init, PC = fddd93, Traceback = 0x00FF1E6B 0x00FE1890 0x00FE0D3C 0x00FD326A 0x00FC0BFC 0x00FDBB8E 0x00FDBA4D 0x00FCD846 0x00FBF09C 0x001C76AE 0x00A01512 0x009CF6B5 0x00BDB9CE 0x00BDA502
Sep 7 06:31:32 PIXName %PIX-6-315011: SSH session from 10.0.0.254 on interface db for user "" disconnected by SSH server, reason: "TCP connection closed" (0x03)
More samples:
%PIX-7-710001: TCP access requested from 192.168.2.10/13269 to outside:192.168.2.14/ssh
%PIX-7-710001: TCP access requested from 192.168.2.10/13528 to outside:192.168.2.14/ssh
%PIX-7-710001: TCP access requested from 192.168.2.10/14154 to outside:192.168.2.14/ssh
%PIX-7-710001: TCP access requested from 192.168.2.10/19067 to outside:192.168.2.14/ssh
%PIX-7-710001: TCP access requested from 192.168.2.10/21532 to outside:192.168.2.14/ssh
%PIX-7-710001: TCP access requested from 192.168.2.10/27167 to outside:192.168.2.14/ssh
%PIX-7-710001: TCP access requested from 192.168.2.10/29488 to outside:192.168.2.14/ssh
%PIX-7-710001: TCP access requested from 192.168.2.10/32597 to outside:192.168.2.14/ssh
%PIX-7-710001: TCP access requested from 192.168.2.10/40654 to outside:192.168.2.14/ssh
%PIX-7-710001: TCP access requested from 192.168.2.10/48798 to outside:192.168.2.14/ssh
%PIX-7-710001: TCP access requested from 192.168.2.10/7180 to outside:192.168.2.14/ssh
%PIX-7-710002: TCP access permitted from 192.168.2.10/13269 to outside:192.168.2.14/ssh
%PIX-7-710002: TCP access permitted from 192.168.2.10/13528 to outside:192.168.2.14/ssh
%PIX-7-710002: TCP access permitted from 192.168.2.10/14154 to outside:192.168.2.14/ssh
%PIX-7-710002: TCP access permitted from 192.168.2.10/19067 to outside:192.168.2.14/ssh
%PIX-7-710002: TCP access permitted from 192.168.2.10/21532 to outside:192.168.2.14/ssh
%PIX-7-710002: TCP access permitted from 192.168.2.10/27167 to outside:192.168.2.14/ssh
%PIX-7-710002: TCP access permitted from 192.168.2.10/29488 to outside:192.168.2.14/ssh
%PIX-7-710002: TCP access permitted from 192.168.2.10/32597 to outside:192.168.2.14/ssh
%PIX-7-710002: TCP access permitted from 192.168.2.10/40654 to outside:192.168.2.14/ssh
%PIX-7-710002: TCP access permitted from 192.168.2.10/48798 to outside:192.168.2.14/ssh
%PIX-7-710002: TCP access permitted from 192.168.2.10/7180 to outside:192.168.2.14/ssh
%PIX-7-710005: UDP request discarded from 0.0.0.0/68 to outside:255.255.255.255/bootps
%PIX-7-710005: UDP request discarded from 192.168.1.2/137 to inside:192.168.1.255/netbios-ns
%PIX-7-710005: UDP request discarded from 192.168.1.2/138 to inside:192.168.1.255/netbios-dgm
%PIX-7-710005: UDP request discarded from 192.168.1.2/3935 to inside:192.168.1.1/1900
%PIX-7-710005: UDP request discarded from 192.168.2.1/137 to outside:192.168.2.11/netbios-ns
%PIX-7-710005: UDP request discarded from 192.168.2.1/137 to outside:192.168.2.14/netbios-ns
%PIX-7-710005: UDP request discarded from 192.168.2.11/137 to outside:192.168.2.255/netbios-ns
%PIX-7-710005: UDP request discarded from 192.168.2.11/138 to outside:192.168.2.255/netbios-dgm
%PIX-7-710005: UDP request discarded from 192.168.2.11/68 to outside:255.255.255.255/bootps
%PIX-7-710005: UDP request discarded from 192.168.2.12/137 to outside:192.168.2.255/netbios-ns
%PIX-7-710005: UDP request discarded from 192.168.2.12/138 to outside:192.168.2.255/netbios-dgm
%PIX-7-710005: UDP request discarded from 192.168.2.12/68 to outside:255.255.255.255/bootps
%PIX-7-710005: UDP request discarded from 192.168.2.13/137 to outside:192.168.2.255/netbios-ns
%PIX-7-710005: UDP request discarded from 192.168.2.13/138 to outside:192.168.2.255/netbios-dgm
%PIX-7-710005: UDP request discarded from 192.168.2.13/68 to outside:255.255.255.255/bootps
%PIX-7-710005: UDP request discarded from 192.168.2.190/137 to outside:192.168.2.255/netbios-ns
%PIX-6-315011: SSH session from 192.168.2.10 on interface outside for user "roo " disconnected by SSH server, reason: "TCP connection closed" (0x03)
%PIX-6-604101: DHCP client interface outside: Allocated ip = 192.168.2.11, mask = 255.255.255.0, gw = 192.168.2.1
%PIX-6-604101: DHCP client interface outside: Allocated ip = 192.168.2.14, mask = 255.255.255.0, gw = 192.168.2.1
%PIX-6-604103: DHCP daemon interface inside: address granted 000c.29e4.ebc3 (12.168.1.3)
%PIX-6-604103: DHCP daemon interface inside: address granted 000c.29e4.ebc3 (12.168.1.4)
%PIX-6-604103: DHCP daemon interface inside: address granted 0100.0d9d.8283.ec(192.168.1.2)
%PIX-6-605004: Login denied from 192.168.2.10/13269 to outside:192.168.2.14/ssh for user "root"
%PIX-6-605004: Login denied from 192.168.2.10/13528 to outside:192.168.2.14/ssh for user "dcid"
%PIX-6-605004: Login denied from 192.168.2.10/14154 to outside:192.168.2.14/ssh for user "root"
%PIX-3-305006: portmap translation creation failed for tcp src inside:192.168.1.2/2893 dst outside:192.168.2.99/3128
%PIX-3-305006: portmap translation creation failed for tcp src inside:192.168.1.2/2892 dst outside:192.168.2.99/3128
%PIX-3-201008: The PIX is disallowing new connections.
%PIX-3-106011: Deny inbound (No xlate) udp src outside:192.168.2.1/137 dst outside:192.168.2.14/137
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:63.245.209.21/80 dst outside:192.168.2.14/1823
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:195.27.11.150/80 dst outside:192.168.2.14/1717
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:195.27.11.150/80 dst outside:192.168.2.14/1716
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:195.27.11.143/80 dst outside:192.168.2.14/1721
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:195.27.11.142/80 dst outside:192.168.2.14/1720