RSA Admin

PIX Message 302015 missing in queries ?

Discussion created by RSA Admin Employee on Jun 24, 2010
Latest reply on Jul 24, 2010 by RSA Admin

Hello,

 

First of all I am new to enVision so I apoligize if this question is nonsense :smileyhappy:

 

Here is the proble:

 

I receive Cisco PIX messages 302015 ( Build UDP connections) and I want to make a query/report on them:

 

%PIX-6-302015: Built outbound UDP connection 22588126 for outside:69.160.33.229/53 (69.160.33.229/53) to dmz:10.10.100.10/1024 (10.10.100.10/1024)

 

Those messages should normally be in the FireWall Accounting table, according to the Message configuration:

 

Data table:FireWall Accounting

 

I configure the query like this:

 

Table: Firewall Accounting,

in MessageID: LIKE '302015'

Query on all Devices ( To be sure)

 

Unfortunately, the query returns no results.

 

Other type of messages that are sent are messages with ID 302016:

%PIX-6-302016: Teardown UDP connection 22588147 for dmz:10.10.100.16/53 to inside:10.10.50.102/1172 duration 0:00:07 bytes 326

 

If I change the query condition to LIKE '302016', it returns those messages correctly.

 

Am I missing something here?

 

Thanks

 

 

Outcomes