[syslog-ng] message numbers

Terje Krogdahl tekr@nextra.com
26 Feb 2000 22:45:31 +0100


Balazs Scheidler <bazsi@balabit.hu> writes:

> what is this message number? A serial number?

Actually it is a sequence number. I see it when my Cisco routers log
via syslog. The number is incremented by one every time a router
sends a syslog message. Very useful to detect missing log entries,
among other things.

Here's a hex dump of a complete packet, in case this helps clear things up:

           0: 0800 2083 600e 0000 0c76 bf10 0800 4500    .. .`....v....E.
          16: 0094 0182 0000 fe11 1690 8243 4ffc 8243    ...........CO..C
          32: 4fc4 1ac4 0202 0080 302f 3c31 3930 3e33    O.......0/<190>3
          48: 3536 313a 2046 6562 2032 3620 3232 3a33    561: Feb 26 22:3
          64: 393a 3138 2e32 3132 3a20 2553 4543 2d36    9:18.212: %SEC-6
          80: 2d49 5041 4343 4553 534c 4f47 503a 206c    -IPACCESSLOGP: l
          96: 6973 7420 3132 3020 6465 6e69 6564 2074    ist 120 denied t
         112: 6370                                       cp


... which produces the following syslog message. Note that I have
removed the hostname and part of the message stating IP addresses.

Feb 26 22:33:46 xxxxxxx.xx.telenor.net 3561: Feb 26 22:39:18.212: %SEC-6-IPACCESSLOGP: list 120 denied tcp...

Syslog-ng is running under Solaris 2.6.

-- 
Terje Krogdahl
Nextra AS

  - I don't buy from spammers.
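
Added example, not part of the original post: a Python sketch of the "detect missing log entries" use of the sequence number, run over relayed lines in the layout of the sample line above. The hostnames, the sample lines and the `REORDER_WINDOW` threshold are constructed assumptions.

```python
import re

# Relayed layout as in the post: "<relay time> <host> <seq>: <device message>"
LINE_RE = re.compile(
    r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d (?P<host>\S+) (?P<seq>\d+): (?P<msg>.*)$"
)
# Assumption: a number at most this far behind the newest one is a late
# (reordered) UDP datagram; anything further back is a counter reset.
REORDER_WINDOW = 8

def parse(line):
    """Return (host, seq) or None when the line carries no sequence number."""
    m = LINE_RE.match(line)
    return (m["host"], int(m["seq"])) if m else None

def find_gaps(lines):
    """Track the newest sequence number per host and report anomalies
    as (host, kind, first, last) tuples."""
    newest, findings = {}, []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue                      # no sequence number: nothing to check
        host, seq = parsed
        prev = newest.get(host)
        if prev is None or seq == prev + 1:
            newest[host] = seq            # first message or in order
        elif seq > prev + 1:
            findings.append((host, "gap", prev + 1, seq - 1))
            newest[host] = seq
        elif prev - seq <= REORDER_WINDOW:
            findings.append((host, "late", seq, seq))   # keep newest as is
        else:
            findings.append((host, "reset", prev, seq))
            newest[host] = seq
    return findings

# Constructed sample input (hostnames and all but the first number are made up).
MSG = "Feb 26 22:39:18.212: %SEC-6-IPACCESSLOGP: list 120 denied tcp..."
SAMPLE = [
    f"Feb 26 22:33:46 rtr1.example.net 3561: {MSG}",
    f"Feb 26 22:33:47 rtr1.example.net 3562: {MSG}",
    f"Feb 26 22:33:50 rtr1.example.net 3566: {MSG}",   # 3563-3565 never arrived
    f"Feb 26 22:33:51 rtr1.example.net 3565: {MSG}",   # arrives late
    f"Feb 26 22:33:52 rtr2.example.net 17: {MSG}",     # separate counter per host
    f"Feb 26 22:40:02 rtr1.example.net 1: {MSG}",      # counter started over
    "Feb 26 22:40:03 loghost sshd[411]: line without a sequence number",
]

if __name__ == "__main__":
    for finding in find_gaps(SAMPLE):
        print(finding)
```

A "late" finding means a number inside an earlier reported gap may have turned up after all, so the two kinds should be read together.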