Balazs Scheidler <bazsi@balabit.hu> writes:
> what is this message number? A serial number?

Actually it is a sequence number. I see it when my Cisco routers log via syslog. The number is incremented by one every time a router sends a syslog message. Very useful to detect missing log entries, among other things.

Here's a hex dump of a complete packet, in case this helps clear things up:

      0: 0800 2083 600e 0000 0c76 bf10 0800 4500   .. .`....v....E.
     16: 0094 0182 0000 fe11 1690 8243 4ffc 8243   ...........CO..C
     32: 4fc4 1ac4 0202 0080 302f 3c31 3930 3e33   O.......0/<190>3
     48: 3536 313a 2046 6562 2032 3620 3232 3a33   561: Feb 26 22:3
     64: 393a 3138 2e32 3132 3a20 2553 4543 2d36   9:18.212: %SEC-6
     80: 2d49 5041 4343 4553 534c 4f47 503a 206c   -IPACCESSLOGP: l
     96: 6973 7420 3132 3020 6465 6e69 6564 2074   ist 120 denied t
    112: 6370                                      cp
    ...

which produces the following syslog message. Note that I have removed the hostname and part of the message stating IP addresses.

    Feb 26 22:33:46 xxxxxxx.xx.telenor.net 3561: Feb 26 22:39:18.212: %SEC-6-IPACCESSLOGP: list 120 denied tcp...

Syslog-ng is running under Solaris 2.6.

-- 
Terje Krogdahl Nextra AS - I don't buy from spammers.
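
The gap detection mentioned in the message above, as an added example that is not part of the original post: it reads relayed lines in the layout shown there and reports missing sequence numbers per router. The hostnames, the sample numbers and the `RESET_BELOW` restart heuristic are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Line layout as in the post: "<relay time> <host> <seq>: <router time>: <message>"
LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2}\s\d\d:\d\d:\d\d\s(?P<host>\S+)\s(?P<seq>\d+):\s")

# Assumption: a number this low following a higher one means the router's counter restarted.
RESET_BELOW = 10

def _fill(ranges, seq):
    """Remove seq from the missing ranges (a late datagram arrived after all)."""
    out = []
    for lo, hi in ranges:
        if lo <= seq <= hi:
            out += [r for r in ((lo, seq - 1), (seq + 1, hi)) if r[0] <= r[1]]
        else:
            out.append((lo, hi))
    return out

def find_gaps(lines):
    """Return ({host: [(first_missing, last_missing), ...]}, {host: reset_count})."""
    last, gaps, resets = {}, defaultdict(list), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # no sequence number in this line, so nothing to track
        host, seq = m["host"], int(m["seq"])
        prev = last.get(host)
        if prev is None or seq == prev + 1:
            last[host] = seq
        elif seq > prev + 1:
            gaps[host].append((prev + 1, seq - 1))
            last[host] = seq
        elif seq < RESET_BELOW < prev:
            resets[host] += 1
            last[host] = seq
        else:  # UDP reordering or duplicate: number is at or below the last one seen
            gaps[host] = _fill(gaps[host], seq)
    return {h: r for h, r in gaps.items() if r}, dict(resets)

# Constructed sample lines (hostnames and sequence numbers are made up).
MSG = "Feb 26 22:39:18.212: %SEC-6-IPACCESSLOGP: list 120 denied tcp..."
SAMPLE = [f"Feb 26 22:33:46 {h} {n}: {MSG}" for h, n in [
    ("rtr1.example.net", 3561), ("rtr1.example.net", 3562),
    ("rtr1.example.net", 3565), ("rtr1.example.net", 3564),
    ("rtr1.example.net", 3566), ("rtr2.example.net", 41),
    ("rtr2.example.net", 42), ("rtr2.example.net", 1),
    ("rtr2.example.net", 2), ("rtr2.example.net", 4)]]

if __name__ == "__main__":
    print(find_gaps(SAMPLE))
```

A reported gap means only that the datagram never reached this log file; with syslog over UDP the loss can occur anywhere between the router and syslog-ng.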