RSA Admin

PIX Message 302015 missing in queries?

Discussion created by RSA Admin Employee on Jun 24, 2010
Latest reply on Jul 24, 2010 by RSA Admin



First of all, I am new to enVision, so I apologize if this question is nonsense :)


Here is the problem:


I receive Cisco PIX messages 302015 (Build UDP connections) and I want to make a query/report on them:


%PIX-6-302015: Built outbound UDP connection 22588126 for outside: ( to dmz: (


Those messages should normally be in the FireWall Accounting table, according to the Message configuration:


Data table:FireWall Accounting


I configure the query like this:


Table: Firewall Accounting,

in MessageID: LIKE '302015'

Query on all Devices (to be sure)


Unfortunately, the query returns no results.


Other types of messages that are sent are messages with ID 302016:

%PIX-6-302016: Teardown UDP connection 22588147 for dmz: to inside: duration 0:00:07 bytes 326


If I change the query condition to LIKE '302016', it returns those messages correctly.


Am I missing something here?