On Wed, 2007-08-22 at 17:03 -0400, Blurry wrote:
Ok, that output was quite different, with some non-printable chars. I didn't want to email it to everyone, but it is quite small. It is here: http://20v.org/tmp/cap.gz
Something went awry. I get the following error from Wireshark:

The file "/tmp/cap" is a capture for a network type that Wireshark doesn't support.
(pcap: network type 4095878165 unknown or unsupported)

Try again. (hit ^C when done capturing)

# tcpdump -s0 -w /tmp/syslog-ng.dump dst port 514
looks a bit like

Aug 22 16:47:56.298 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250<47>47303: Aug 22 16:47:56.298 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250<47>47304: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250<47>47305: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250<47>47306: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250<47>47307: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0F .202, dst 155.2.254.250<47>47308: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250<47>47309: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250
Thanks
On 8/22/07, Matt Zagrabelny <mzagrabe@d.umn.edu> wrote:
On Wed, 2007-08-22 at 15:27 -0400, Blurry wrote:
I am not sure what to expect from tcpdump, but I don't see much that matches between the log file and the tcpdump file except hostnames and timestamps.
try this on the syslog-ng host:
# tcpdump -s0 -w /tmp/syslog-ng.dump dst port 514
then attach the dump file in an email.
--
Matt Zagrabelny - mzagrabe@d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
He is not a fool who gives up what he cannot keep to gain what he cannot lose. -Jim Elliot
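An added example, not from the thread or from the syslog-ng project: a small check of the pcap global header that separates a usable capture from a file that carries the pcap magic number but an implausible link type, which is the situation behind a Wireshark error such as "network type 4095878165 unknown or unsupported". Assumed: the caller reads the first 24 bytes of the file into memory (a still-gzipped file will simply fail the magic check), and the link-type names are the standard libpcap DLT values.

```python
import struct

# libpcap magic numbers; the byte order of the magic decides how the rest
# of the 24-byte global header is read.
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
}

# A few standard libpcap link-layer (DLT) values; all assigned ones are small.
KNOWN_LINKTYPES = {0: "NULL", 1: "EN10MB (Ethernet)", 101: "RAW", 113: "LINUX_SLL"}
MAX_PLAUSIBLE_LINKTYPE = 65535  # heuristic cut-off, far above any assigned DLT

def inspect_pcap_header(data):
    """Parse the pcap global header and say whether it looks like a usable capture."""
    if len(data) < 24:
        return {"ok": False, "reason": "shorter than a pcap global header"}
    meta = PCAP_MAGICS.get(data[:4])
    if meta is None:
        return {"ok": False, "reason": "no pcap magic (not a pcap, or still compressed)"}
    endian, resolution = meta
    # fields: version_major, version_minor, thiszone, sigfigs, snaplen, network
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    info = {
        "ok": True, "resolution": resolution, "version": (major, minor),
        "snaplen": snaplen, "linktype": linktype,
        "linktype_name": KNOWN_LINKTYPES.get(linktype, "unknown"),
    }
    if (major, minor) != (2, 4) or linktype > MAX_PLAUSIBLE_LINKTYPE:
        # The magic was recognised, so a reader such as Wireshark gets past the
        # format check and then rejects the bogus link type: the bytes after the
        # magic were not written as a libpcap header.
        info["ok"] = False
        info["reason"] = "valid magic but implausible version/link type"
    return info

def build_pcap_header(linktype, snaplen=65535, endian="<"):
    """Construct a well-formed global header (constructed test input, not a real file)."""
    magic = b"\xd4\xc3\xb2\xa1" if endian == "<" else b"\xa1\xb2\xc3\xd4"
    return magic + struct.pack(endian + "HHiIII", 2, 4, 0, 0, snaplen, linktype)

if __name__ == "__main__":
    print(inspect_pcap_header(build_pcap_header(1)))
    print(inspect_pcap_header(build_pcap_header(4095878165)))  # value from the thread
    print(inspect_pcap_header(b"\x1f\x8b\x08" + b"\0" * 21))    # gzip header, not pcap
```

Run it against the first 24 bytes of the real file (`open(path, "rb").read(24)`) to see whether the magic is missing, which points at compression or a non-pcap file, or present with garbage after it, which points at a damaged or overwritten capture.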