OK, that output was quite different, with some non-printable chars. I didn't want to mail it to everyone, but it is quite small. It is here: http://20v.org/tmp/cap.gz

It looks a bit like:

Aug 22 16:47:56.298 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250
<47>47303: Aug 22 16:47:56.298 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250
<47>47304: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250
<47>47305: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250
<47>47306: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250
<47>47307: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0F .202, dst 155.2.254.250
<47>47308: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250
<47>47309: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250

Thanks

On 8/22/07, Matt Zagrabelny <mzagrabe@d.umn.edu> wrote:
On Wed, 2007-08-22 at 15:27 -0400, Blurry wrote:
I am not sure what to expect from tcp dump, but I don't see much that matches between the log file and the tcp dump file except hostnames and timestamps.
Try this on the syslog-ng host:
# tcpdump -s0 -w /tmp/syslog-ng.dump dst port 514
Then attach the dump file in an email.
--
Matt Zagrabelny - mzagrabe@d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2