[syslog-ng] cisco tcp syslog weirdness/merkwuerdigkeit

Blurry obsfucate at gmail.com
Wed Aug 22 23:03:50 CEST 2007


Ok, that output was quite different, with some non-printable chars. I
didn't want to mail it to everyone, but it is quite small. It is here:
http://20v.org/tmp/cap.gz

It looks a bit like:
Aug 22 16:47:56.298 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst
155.2.254.250<47>47303: Aug 22 16:47:56.298 EDT: ICMP: echo reply
rcvd, src 77.22.0.202, dst 155.2.254.250<47>47304: Aug 22 16:47:56.302
EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst
155.2.254.250<47>47305: Aug 22 16:47:56.302 EDT: ICMP: echo reply
rcvd, src 77.22.0.202, dst 155.2.254.250<47>47306: Aug 22 16:47:56.302
EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst
155.2.254.250<47>47307: Aug 22 16:47:56.302 EDT: ICMP: echo reply
rcvd, src 77.22.0F
.202, dst 155.2.254.250<47>47308: Aug 22 16:47:56.302 EDT: ICMP: echo
reply rcvd, src 77.22.0.202, dst 155.2.254.250<47>47309: Aug 22
16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst
155.2.254.250

Thanks

On 8/22/07, Matt Zagrabelny <mzagrabe at d.umn.edu> wrote:
> On Wed, 2007-08-22 at 15:27 -0400, Blurry wrote:
> > I am not sure what to expect from tcp dump, but I don't see much that
> > matches between the log file and the tcp dump file expect hostnames
> > and timestamps.
>
> try this on the syslog-ng host:
>
> # tcpdump -s0 -w /tmp/syslog-ng.dump dst port 514
>
> then attach the dump file in an email.
>
> --
> Matt Zagrabelny - mzagrabe at d.umn.edu - (218) 726 8844
> University of Minnesota Duluth
> Information Technology Systems & Services
> PGP key 1024D/84E22DA2 2005-11-07
> Fingerprint: 78F9 18B3 EF58 56F5 FC85  C5CA 53E7 887F 84E2 2DA2
>
>
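The capture above shows what is going on: the Cisco box sends its records over TCP back to back with no newline at all, and the only thing marking the start of the next record is the "<47>47303: " header (PRI in angle brackets, then the device's sequence number). A reader that frames on newlines therefore sees one enormous "line" with all the records glued together, which is exactly the merged output in the mail. Below is an added example, not code from this thread or from syslog-ng, of a small framer that splits such a stream on the next header instead of on newlines. The header pattern is an assumption inferred from the sample in the mail, the sample bytes are reconstructed from it, and the form-feed byte in the last record is a constructed stand-in for the non-printable character the author mentions.

```python
import re
from dataclasses import dataclass
from typing import List

# Start of a record as seen in the capture: "<PRI>SEQ: ". PRI is the syslog
# priority (facility * 8 + severity); SEQ is the device's own sequence number.
# This pattern is an assumption inferred from the sample in the mail.
HEADER = re.compile(rb"<(\d{1,3})>(\d+): ")


@dataclass
class Record:
    pri: int   # -1 when the header was never seen (capture started mid-record)
    seq: int   # -1 in the same case
    body: str

    @property
    def facility(self) -> int:
        return self.pri >> 3

    @property
    def severity(self) -> int:
        return self.pri & 7


def clean(raw: bytes) -> str:
    """Drop non-printable bytes (such as the stray byte in the capture) and
    surrounding whitespace so the body is safe to log and compare."""
    return re.sub(rb"[^\x20-\x7e]+", b"", raw).decode("ascii").strip()


class CiscoTcpFramer:
    """Reassemble records from a TCP stream whose delimiter is the next
    "<PRI>SEQ: " header rather than a newline. Works on arbitrary chunk
    boundaries, because a record is only emitted once the following header
    has been seen in full."""

    def __init__(self) -> None:
        self._buf = b""

    def feed(self, chunk: bytes) -> List[Record]:
        self._buf += chunk
        out: List[Record] = []
        headers = list(HEADER.finditer(self._buf))
        if not headers:
            return out                      # nothing framable yet, keep buffering
        # Bytes before the first header belong to a record whose header arrived
        # earlier or, at the very start of a capture, never arrived at all.
        # Emit them with unknown pri/seq rather than silently dropping them.
        lead = self._buf[:headers[0].start()]
        if lead.strip():
            out.append(Record(-1, -1, clean(lead)))
        for cur, nxt in zip(headers, headers[1:]):
            body = self._buf[cur.end():nxt.start()]
            out.append(Record(int(cur.group(1)), int(cur.group(2)), clean(body)))
        # The last header's record is complete only when the next header shows
        # up, so keep it (and any partial header after it) in the buffer.
        self._buf = self._buf[headers[-1].start():]
        return out

    def flush(self) -> List[Record]:
        """Emit whatever is buffered when the connection closes."""
        out: List[Record] = []
        m = HEADER.match(self._buf)
        if m:
            out.append(Record(int(m.group(1)), int(m.group(2)), clean(self._buf[m.end():])))
        elif self._buf.strip():
            out.append(Record(-1, -1, clean(self._buf)))
        self._buf = b""
        return out


def parse_all(data: bytes, chunk_size: int = 0) -> List[Record]:
    """Feed `data` through the framer in chunks of `chunk_size` bytes
    (the whole buffer at once when 0) and return every record."""
    framer = CiscoTcpFramer()
    out: List[Record] = []
    step = chunk_size or max(len(data), 1)
    for i in range(0, len(data), step):
        out.extend(framer.feed(data[i:i + step]))
    out.extend(framer.flush())
    return out


# Constructed sample modelled on the capture in the mail: no newlines anywhere,
# the first record's header is missing because the capture began mid-record,
# and \x0c stands in for the non-printable byte that split "77.22.0.202".
SAMPLE = (
    b"Aug 22 16:47:56.298 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250"
    b"<47>47303: Aug 22 16:47:56.298 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250"
    b"<47>47304: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250"
    b"<47>47305: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0\x0c.202, dst 155.2.254.250"
)

if __name__ == "__main__":
    for r in parse_all(SAMPLE, chunk_size=7):
        print(f"pri={r.pri:>3} seq={r.seq:>6} {r.body}")
```

Feeding the stream in 7-byte chunks produces the same four records as feeding it in one piece, which is the property a TCP reader needs: record boundaries come from the headers, not from where the kernel happened to cut the segments. The leading header-less fragment is kept and flagged with pri/seq of -1 rather than dropped, so a gap at the start of a capture is visible instead of silent.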

