Pyrrhocoris apterus - fwLOGview
netfilter/iptables

Define your logging rules so that the log prefix ends in a space (" "), or the parser will fail.

--log-prefix "Rule 5 ACCEPT "
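
An added example, not part of fwLOGview: a Python check over `iptables-save` output that flags LOG rules whose prefix lacks the trailing space, with a whitespace tokeniser showing how such a prefix runs into the `IN=` field. The sample rules and log lines are constructed, and the tokeniser is an assumed stand-in for the parser, not its actual code.

```python
import shlex

# Constructed iptables-save excerpt (sample input, not from the page).
SAMPLE_RULES = '''\
-A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "Rule 5 ACCEPT "
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j LOG --log-prefix "Rule 9 DROP"
'''

# Constructed log lines, as the two LOG rules above would emit them:
# the kernel appends "IN=..." directly after the prefix, with no separator.
SAMPLE_LOGS = [
    "Rule 5 ACCEPT IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=22",
    "Rule 9 DROPIN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=23",
]


def audit_log_rules(rules_text):
    """Return (rule, prefix) for each rule whose --log-prefix lacks a trailing space."""
    findings = []
    for line in rules_text.splitlines():
        argv = shlex.split(line)  # keeps the quoted prefix, trailing space included
        if "--log-prefix" not in argv:
            continue
        prefix = argv[argv.index("--log-prefix") + 1]
        if not prefix.endswith(" "):
            findings.append((line, prefix))
    return findings


def split_prefix(log_line):
    """Split a log line into (prefix, fields) by whitespace tokens (assumed parser model).

    Returns None when no token starts with IN=, i.e. the prefix ran into the first field.
    """
    tokens = log_line.split(" ")
    for i, tok in enumerate(tokens):
        if tok.startswith("IN="):
            fields = dict(t.split("=", 1) for t in tokens[i:] if "=" in t)
            return " ".join(tokens[:i]), fields
    return None


if __name__ == "__main__":
    for rule, prefix in audit_log_rules(SAMPLE_RULES):
        print(f"prefix {prefix!r} has no trailing space: {rule}")
    for line in SAMPLE_LOGS:
        print(split_prefix(line) or f"unparseable: {line}")
```
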

CISCO PIX

Compatible with PIX version 6.1 and above. It will not give adequate results with pre-6.1 firewalls, as they probably use different log messages for various events. Please ensure that the "Logging Timestamp" command is NOT in use on the PIX: the parser currently uses the syslog timestamp (i.e. the clock on the log server). It does not currently parse NAT translation messages. It parses the following PIX messages:

%PIX-4-106023
%PIX-6-302013
%PIX-6-302015
%PIX-6-106015
%PIX-6-106011
%PIX-3-313001, 302001 and 302005

These are the only permit/deny style messages that PIX 6.1 and later appear to use.

Fortigate

It is a working parser contributed by a user. You may need to adjust the machine names in the file.