I don't have any PIX firewalls on 6.3.x any more and have tunnels.  The best thing to do would be to watch the syslogs, bring a tunnel down and then bring it backup.  Review the PIX system log code with the corresponding explaination:
<br><br><a href="http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a008051a0cd.html">http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a008051a0cd.html
</a><br><br>If you can find the right syslog messages, we could change the patterns to match on and go from there.<br><br>Chris<br><br><br><div><span class="gmail_quote">On 8/23/06, <b class="gmail_sendername">Brian Loe</b>
 &lt;<a href="mailto:knobdy@gmail.com">knobdy@gmail.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Any ideas on the what the differences might be between 
6.3 and 7.x?<br><br>and thanks, btw!<br><br><br>On 8/23/06, sawall &lt;<a href="mailto:sawall@gmail.com">sawall@gmail.com</a>&gt; wrote:<br>&gt; The following SEC (<a href="http://kodu.neti.ee/~risto/sec/">http://kodu.neti.ee/~risto/sec/
</a>) configs appear to work<br>&gt; to Monitor VPN tunnels on PIX version 7.x.&nbsp;&nbsp;The first monitors for a<br>_______________________________________________<br>syslog-ng maillist&nbsp;&nbsp;-&nbsp;&nbsp;<a href="mailto:syslog-ng@lists.balabit.hu">
syslog-ng@lists.balabit.hu</a><br><a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>Frequently asked questions at <a href="http://www.campin.net/syslog-ng/faq.html">
http://www.campin.net/syslog-ng/faq.html</a><br><br></blockquote></div><br>