Table of Contents
Advertisement
Appendix A
Cisco Security MARS XML API Reference
connection denied from 10.3.50.200/15330 to 248.64.35.88/3890 flags FIN on interface
inside</RawMessage>
from (10.3.50.200) to 105.74.127.53 on interface inside</RawMessage>
78-17020-01
<Destination ipaddress="248.64.35.88" />
<SourcePort>15330</SourcePort>
<DestinationPort>3890</DestinationPort>
<Protocol>6</Protocol>
</EventEndPoints>
<NATtedEndPoints>
<Source ipaddress="10.3.50.200" />
<Destination ipaddress="248.64.35.88" />
<SourcePort>15330</SourcePort>
<DestinationPort>3890</DestinationPort>
<Protocol>6</Protocol>
</NATtedEndPoints>
<FiringEventFlag>true</FiringEventFlag>
<RuleMatchOffset>1</RuleMatchOffset>
</Event>
<Event id="286913412">
<EventType id="1135" />
<TimeStamp>May 23, 2007 8:11:53 AM PDT</TimeStamp>
<ReportingDevice id="128783" />
<RawMessage>Wed May 23 08:11:53 2007 <134>%PIX-2-106001: Inbound TCP
<FalsePositiveType>NOT_AVAILABLE</FalsePositiveType>
<EventEndPoints>
<Source ipaddress="10.3.50.200" />
<Destination ipaddress="248.64.35.88" />
<SourcePort>15330</SourcePort>
<DestinationPort>3890</DestinationPort>
<Protocol>6</Protocol>
</EventEndPoints>
<NATtedEndPoints>
<Source ipaddress="10.3.50.200" />
<Destination ipaddress="248.64.35.88" />
<SourcePort>15330</SourcePort>
<DestinationPort>3890</DestinationPort>
<Protocol>6</Protocol>
</NATtedEndPoints>
<FiringEventFlag>false</FiringEventFlag>
</Event>
</Session>
<Session id="286914063">
<Instance>0</Instance>
<SessionEndPoints>
<Source ipaddress="10.3.50.200" />
<Destination ipaddress="105.74.127.53" />
<SourcePort>0</SourcePort>
<DestinationPort>0</DestinationPort>
<Protocol>0</Protocol>
</SessionEndPoints>
<Event id="286914063">
<EventType id="1137" />
<TimeStamp>May 23, 2007 8:13:10 AM PDT</TimeStamp>
<ReportingDevice id="128783" />
<RawMessage>Wed May 23 08:13:10 2007 <134>%PIX-2-106016: Deny IP spoof
<FalsePositiveType>NOT_AVAILABLE</FalsePositiveType>
<EventEndPoints>
<Source ipaddress="10.3.50.200" />
<Destination ipaddress="105.74.127.53" />
<SourcePort>0</SourcePort>
<DestinationPort>0</DestinationPort>
<Protocol>0</Protocol>
</EventEndPoints>
<NATtedEndPoints>
XML Incident Notification Data File and Schema
User Guide for Cisco Security MARS Local Controller
A-3
Advertisement
Table of Contents
Troubleshooting
