# LCE PRM LIBRARY
# Copyright 2007 Tenable Network Security
# This library may only be used with the LCE server and may not
# be used with other products or open source projects
#
# NAME:
# PRM Parser for FastIron switch events
#
# DESCRIPTION:
# This library is used to process logs from FastIron switches
# NOTE(review): the header previously said "Extreme switches"; every rule
# below matches on the literal "FastIron", so that looks like a copy-paste
# leftover from another library - confirm.
#
# LAST UPDATED: $Date: 2011/08/22 00:54:47 $
#
# FILE LAYOUT (as visible in this file):
#   id=     numeric rule identifier
#   name=   human-readable description of the event
#   match=  literal substring looked for in the raw log line; one per line
#   regex=  capture expression; groups are referenced as $1, $2, ... in log=
#   log=    normalized event emitted on a hit (event:<name> ... type:<class>)
#   NEXT    separator between rules
# NOTE(review): presumably every match= string must be present (logical AND)
# before regex= is evaluated, and the short fragments (ce, ace, sta, ...) act
# as a cheap pre-filter ahead of the one long distinguishing literal - confirm
# against the LCE PRM documentation before editing any of them.
# Keep comments on their own lines; a trailing comment on a match= or log=
# line could end up inside the value.

# --- Link state -----------------------------------------------------------

# Interface reported down. Distinguishing literal: ", state down".
# Classified as type:error.
id=4632
name=This FastIron switch has an interface which is down.
match=FastIron
match=ce
match=ace
match=Interface ethernet
match=sta
match=ate
match=, state down
log=event:FastIron-Switch_Interface_Down type:error

NEXT

# --- Spanning tree (STP) port state changes --------------------------------

# STP moved a port to DISABLED because the port went down.
# NOTE(review): this is the only long literal in the file with a leading
# space after "match=" - confirm whether the parser keeps that space as part
# of the pattern, and whether it is intentional.
id=4633
name=This FastIron switch has a disabled port.
match=FastIron
match=TP
match=St
match=ate
match= STP State -> DISABLED (PortDown)
match=Do
match=ST
log=event:FastIron-Switch_PortDown type:error

NEXT

# Interface reported up. Distinguishing literal: ", state up".
# Counterpart of rule 4632; classified as type:system rather than type:error.
id=4634
name=This FastIron switch has an interface which is up.
match=FastIron
match=ce
match=ace
match=Interface ethernet
match=sta
match=ate
match=, state up
log=event:FastIron-Switch_Interface_Up type:system

NEXT

# STP port transition to LISTENING (MakeFwding).
# Rules 4635-4637 cover the LISTENING -> LEARNING -> FORWARDING sequence named
# in their literals. They carry no port or VLAN field in log=, so the
# normalized event alone does not say which port changed; the raw log is
# needed for that.
id=4635
name=This FastIron switch has a port that is in the listening state.
match=FastIron
match=IN
match=TP
match=St
match=ate
match=ing
match=EN
match=STP State -> LISTENING (MakeFwding)
match=ST
log=event:FastIron-Switch_Listening type:system

NEXT

# STP port transition to LEARNING (FwdDlyExpiry).
id=4636
name=This FastIron switch has a port that is in a learning state.
match=FastIron
match=IN
match=TP
match=St
match=ate
match=STP State -> LEARNING (FwdDlyExpiry)
match=ST
log=event:FastIron-Switch_Learning type:system

NEXT

# STP port transition to FORWARDING (FwdDlyExpiry).
id=4637
name=This FastIron switch has a port that is forwarding packets to a VLAN.
match=FastIron
match=IN
match=TP
match=St
match=ate
match=STP State -> FORWARDING (FwdDlyExpiry)
match=ST
match=FO
log=event:FastIron-Switch_Forwarding type:system

NEXT

# --- Management-plane access ------------------------------------------------

# SNMP request rejected by the switch. This is the only rule in the file that
# extracts a field: $1 is the dotted-quad captured after "src IP" and is
# emitted as srcip, with type:access-denied.
# The source address is what makes this event useful for correlation:
# repeated rejections from one srcip, or rejections from outside the
# management network, are worth alerting on.
# NOTE(review): the regex accepts IPv4 dotted-quad text only and does not
# range-check octets; a rejection logged with an IPv6 source would presumably
# not satisfy regex= and so would not be normalized by this rule - confirm.
id=4638
name=This FastIron switch has SNMP access rejected.
match=SNMP
match=MP
match=FastIron
match=ecu
match=rom
match=ce
match=ty
match=ss
match=Security: SNMP access from src
match=acc
match=Secur
match=reject
match=ect
regex=src IP ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)
log=event:FastIron-Switch_SNMP_Access_Rejected srcip:$1 type:access-denied