sorry if this get re posted. > I am explorer in the IDS capabililities which are part of the pix ip audit > config. I am using version 5.3.1. > > I have the following commands in the config > > ip audit attack action alarm > ip audit info action alarm > > according to the syslog Docs things which trip the IDS will be logged as > 4000nnn events. > > To check my logs for this informatin I grep the log for events that match > grep -i %pix-4-4000 pix.log and grep -i pix-4 > > I check the last few weeks of logs and did not find anything with a matching > patterns. Am I doing something wrong? or am I just lucky( for the last few > weeks?) > > Todd > - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
