[fwAnalog] PIX version 6.2(2) error

From: sPiDEr (list~AT~bgp5.net)
Date: Mon Sep 22 2003 - 11:18:37 CEST



Hi,

I encountered some error messages while compiling the logs using the fwanalog.sh program. Below is part of the content from analog.err. I am using PIX, version 6.2(2). In the analog.err, only "Deny TCP (no connection)" is captured, I have no clue what could be the problem, I even tried to fine tune your fwanalog.sh, but it still doesn't help.

C: 2003 Sep 11 12:32:10 10.160.0.225 Sep 11 2003 12:06:59: %PIX-6-106015: Deny TCP (no connection) from 10.161.36.42/1097 to 10.160.6.163/80 flags FIN ACK on interface inside
C: *
C: 2003 Sep 11 12:34:12 10.160.0.225 Sep 11 2003 12:09:05: %PIX-6-106015: Deny TCP (no connection) from 10.161.20.76/1392 to 10.160.6.163/2106 flags RST on interface inside
C: *
C: 2003 Sep 11 12:34:12 10.160.0.225 Sep 11 2003 12:09:05: %PIX-6-106015: Deny TCP (no connection) from 10.161.20.76/1392 to 10.160.6.163/2106 flags RST on interface inside
C: *
C: 2003 Sep 11 12:35:38 10.160.0.225 Sep 11 2003 12:10:37: %PIX-6-106015: Deny TCP (no connection) from 10.160.21.48/1531 to 10.160.6.163/80 flags FIN ACK on interface inside
C: *
C: 2003 Sep 11 12:38:58 10.160.0.225 Sep 11 2003 12:14:03: %PIX-6-106015: Deny TCP (no connection) from 10.160.21.63/2275 to 10.160.6.163/80 flags RST on interface inside
C: *
C: 2003 Sep 11 12:39:32 10.160.0.225 Sep 11 2003 12:14:37: %PIX-6-106015: Deny TCP (no connection) from 10.161.30.72/1199 to 10.160.6.163/80 flags FIN ACK on interface inside
C: *
C: 2003 Sep 11 12:40:23 10.160.0.225 Sep 11 2003 12:15:28: %PIX-6-106015: Deny TCP (no connection) from 10.160.22.42/1070 to 10.160.6.163/80 flags RST on interface inside
C: *
C: 2003 Sep 11 12:44:19 10.160.0.225 Sep 11 2003 12:19:16: %PIX-6-106015: Deny TCP (no connection) from 10.161.20.89/1263 to 10.160.6.163/80 flags RST on interface inside
C: *
analog: Warning L: Large number of corrupt lines in logfile   /var/www/html/reports/sg-fw05/fwanalog.all.log: turn debugging on or   try different LOGFORMAT
  (For help on all errors and warnings, see docs/errors.html)     Current logfile format:
      %S %j %u [%d/%M/%Y:%h:%n:%j] "%j%w%r%wHTTP%j" %c %b "%f" "%j" %t %v\n

Regards,

Andy



This archive was generated by hypermail 2.1.5 : Wed Oct 01 2003 - 12:22:03 CEST