<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Calibri" size="2"><span style="font-size:11pt;">
<div>The IP from mgalnxa01 is 10.96.145.42</div>
<div> </div>
<div>This its example from tcpdump</div>
<div> </div>
<div><font face="Courier New">/usr/sbin/tcpdump -vn port 9514 -i eth1</font></div>
<div> </div>
<div><font face="Courier New">tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes</font></div>
<div><font face="Courier New">14:11:19.670962 IP (tos 0x20, ttl 251, id 16868, offset 0, flags [none], proto UDP (17), length 244)</font></div>
<div><font face="Courier New"> 10.96.145.98.syslog > 10.96.145.42.9514: SYSLOG, length: 216</font></div>
<div><font face="Courier New"> Facility user (1), Severity info (6)</font></div>
<div><font face="Courier New"> Msg: Mar 25 17:11:19 2020 RTCGNMGA0103 RT_NAT: RT_SRC_NAT_PBA_ALLOC: Subscriber 100.64.1.59 used/maximum [2/2] blocks, allocates port block [63616-63679] from 177.51.116.174 in source pool PUBLIC-NAT-POOL-1 lsys_id: 0</font></div>
<div> </div>
<div><font face="Courier New">14:15:45.153159 IP (tos 0x20, ttl 251, id 16869, offset 0, flags [none], proto UDP (17), length 245)</font></div>
<div><font face="Courier New"> 10.96.145.98.syslog > 10.96.145.42.9514: SYSLOG, length: 217</font></div>
<div><font face="Courier New"> Facility user (1), Severity info (6)</font></div>
<div><font face="Courier New"> Msg: Mar 25 17:15:44 2020 RTCGNMGA0103 RT_NAT: RT_SRC_NAT_PBA_RELEASE: Subscriber 100.64.1.59 used/maximum [1/2] blocks, releases port block [63616-63679] from 177.51.116.174 in source pool PUBLIC-NAT-POOL-1 lsys_id: 0
</font></div>
<div> </div>
<div>Atenciosamente,</div>
<div> </div>
<div>WILLIAM LUIZ R V SILVA </div>
<div>Mediation</div>
<div> </div>
<div>Ericsson</div>
<div>Rua Maria Preste Maia, 300</div>
<div>02879-130, Brazil</div>
<div>Phone +55 11 2760-3785</div>
<div>Mobile +55 11 97979-9886</div>
<div>wsilva_ericsson@timbrasil.com.br</div>
<div><a href="http://www.ericsson.com">www.ericsson.com</a> </div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<div>-----Mensagem original-----<br>
De: syslog-ng <syslog-ng-bounces@lists.balabit.hu> Em nome de Matus UHLAR - fantomas<br>
Enviada em: quarta-feira, 25 de março de 2020 15:13<br>
Para: syslog-ng@lists.balabit.hu<br>
Assunto: Re: [syslog-ng] RES: Problem to Get UDP Packets - Syslog-ng</div>
<div> </div>
<div>On 25.03.20 17:54, William Luiz Ribeiro Vasconcelos Da Silva wrote:</div>
<div>>I still understand that it is not a firewall, because the machine that </div>
<div>>sends the packets is on the same network as my machine: 10.96.145.98> </div>
<div>>10.96.145.42</div>
<div> </div>
<div>iptables on destination linux machine is also a firewall.</div>
<div>firewall does not necessarily mean another machine</div>
<div> </div>
<div>>Yes, I am receiving the packets on the network interface where the IP "10.96.145.42" is allocated, in my case eth1.</div>
<div> </div>
<div>is it the "mgalnxa01" in your capture example below?</div>
<div> </div>
<div>>10:46:13.529331 IP (tos 0x20, ttl 251, id 33055, offset 0, flags [none], proto UDP (17), length 243)</div>
<div>> 10.96.145.98.syslog > mgalnxa01.9514: [udp sum ok] SYSLOG, length: </div>
<div>>215</div>
<div> </div>
<div>next time run tcpdump with "-n" option</div>
<div> </div>
<div> </div>
<div>--</div>
<div>Matus UHLAR - fantomas, <a href="mailto:uhlar@fantomas.sk">uhlar@fantomas.sk</a> ; <a href="https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&data=02%7C01%7Cwsilva_ericsson%40timbrasil.com.br%7Cfe6a5330623642b5985f08d7d0e81996%7C57b8c96eac2f4d78a149f1fc6817d3c4%7C0%7C0%7C637207567601775321&sdata=UCoCK%2BXjh2XkiCz0SKZlS%2FbwU7mgTErYtimnz%2FzgI8w%3D&reserved=0">https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&data=02%7C01%7Cwsilva_ericsson%40timbrasil.com.br%7Cfe6a5330623642b5985f08d7d0e81996%7C57b8c96eac2f4d78a149f1fc6817d3c4%7C0%7C0%7C637207567601775321&sdata=UCoCK%2BXjh2XkiCz0SKZlS%2FbwU7mgTErYtimnz%2FzgI8w%3D&reserved=0</a></div>
<div>Warning: I wish NOT to receive e-mail advertising to this address.</div>
<div>Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.</div>
<div>LSD will make your ECS screen display 16.7 million colors ______________________________________________________________________________</div>
<div>Member info: <a href="https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cwsilva_ericsson%40timbrasil.com.br%7Cfe6a5330623642b5985f08d7d0e81996%7C57b8c96eac2f4d78a149f1fc6817d3c4%7C0%7C0%7C637207567601775321&sdata=q9XFmGZTc7fQVO2c9PvpV6RLET8DAwva%2F0pSVB30pyE%3D&reserved=0">https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cwsilva_ericsson%40timbrasil.com.br%7Cfe6a5330623642b5985f08d7d0e81996%7C57b8c96eac2f4d78a149f1fc6817d3c4%7C0%7C0%7C637207567601775321&sdata=q9XFmGZTc7fQVO2c9PvpV6RLET8DAwva%2F0pSVB30pyE%3D&reserved=0</a></div>
<div>Documentation: <a href="https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Cwsilva_ericsson%40timbrasil.com.br%7Cfe6a5330623642b5985f08d7d0e81996%7C57b8c96eac2f4d78a149f1fc6817d3c4%7C0%7C0%7C637207567601775321&sdata=1XNmPeVHdYDczMcvk1KVWhuGd8YSqsV8VIgOcOlua8M%3D&reserved=0">https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Cwsilva_ericsson%40timbrasil.com.br%7Cfe6a5330623642b5985f08d7d0e81996%7C57b8c96eac2f4d78a149f1fc6817d3c4%7C0%7C0%7C637207567601775321&sdata=1XNmPeVHdYDczMcvk1KVWhuGd8YSqsV8VIgOcOlua8M%3D&reserved=0</a></div>
<div>FAQ: <a href="https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cwsilva_ericsson%40timbrasil.com.br%7Cfe6a5330623642b5985f08d7d0e81996%7C57b8c96eac2f4d78a149f1fc6817d3c4%7C0%7C0%7C637207567601775321&sdata=LsvnJIBF%2FUDvN5t4pqKBhIZfopCOJGaZ42x%2FohwbWHc%3D&reserved=0">https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cwsilva_ericsson%40timbrasil.com.br%7Cfe6a5330623642b5985f08d7d0e81996%7C57b8c96eac2f4d78a149f1fc6817d3c4%7C0%7C0%7C637207567601775321&sdata=LsvnJIBF%2FUDvN5t4pqKBhIZfopCOJGaZ42x%2FohwbWHc%3D&reserved=0</a></div>
<div> </div>
<div><font face="Times New Roman" size="3"><span style="font-size:12pt;"><br>
<font face="Times New Roman">Esta mensagem, incluindo seus anexos, pode conter informações privilegiadas e/ou de caráter confidencial, não podendo ser retransmitida sem autorização do remetente. Se você não é o destinatário ou pessoa autorizada para recebê-la,
informamos que o seu uso, divulgação, cópia ou arquivamento são proibidos. Portanto, se você recebeu esta mensagem por engano, por favor nos informe respondendo imediatamente a este e-mail e delete o seu conteúdo. </font></span></font></div>
<div style="margin-top:14pt;"><font face="Times New Roman" size="3"><span style="font-size:12pt;">This message, including its attachments, may contain privileged or confidential information, and it must not be fowarded without the express authorization of the
sender. If you are not the intended recipient, we hereby inform you that the use, disclosure, copy or filing are forbidden. So, if you received this message as a mistake, please inform us by answering this e-mail and deleting its contents </span></font></div>
<div style="margin-top:14pt;"><font face="Times New Roman" size="3"><span style="font-size:12pt;">Questo messaggio, inclusi gli allegati, potrebbe contenere informazioni privilegiate e/o riservate, e non deve essere ritrasmesse senza l'autorizzazione del mittente.
Se non siete il destinatario o la persona autorizzata a riceverlo, informiamo che il suo utilizzo, diffusione, copia o archiviazione sono proibite. Quindi, se avete ricevuto questo messaggio per errore, per cortesia ci informi rispondendo immediatamente a questa
email e cancelli il suo contenuto </span></font></div>
</span></font>
</body>
</html>