[syslog-ng] cisco tcp syslog weirdness/merkwuerdigkeit

Matt Zagrabelny mzagrabe at d.umn.edu
Wed Aug 22 23:15:41 CEST 2007


On Wed, 2007-08-22 at 17:03 -0400, Blurry wrote:
> Ok that output was quite different, with some non-printable chars. I
> didn't want to mail it to everyone, but it is quite small. It is here
> http://20v.org/tmp/cap.gz

Something went awry. I get the following error from Wireshark:

The file "/tmp/cap" is a capture for a network type that Wireshark
doesn't support.
(pcap: network type 4095878165 unknown or unsupported)

Try again. (hit ^C when done capturing)

# tcpdump -s0 -w /tmp/syslog-ng.dump dst port 514

> looks a bit like
> Aug 22 16:47:56.298 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst
> 155.2.254.250<47>47303: Aug 22 16:47:56.298 EDT: ICMP: echo reply
> rcvd, src 77.22.0.202, dst 155.2.254.250<47>47304: Aug 22 16:47:56.302
> EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst
> 155.2.254.250<47>47305: Aug 22 16:47:56.302 EDT: ICMP: echo reply
> rcvd, src 77.22.0.202, dst 155.2.254.250<47>47306: Aug 22 16:47:56.302
> EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst
> 155.2.254.250<47>47307: Aug 22 16:47:56.302 EDT: ICMP: echo reply
> rcvd, src 77.22.0F
> .202, dst 155.2.254.250<47>47308: Aug 22 16:47:56.302 EDT: ICMP: echo
> reply rcvd, src 77.22.0.202, dst 155.2.254.250<47>47309: Aug 22
> 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst
> 155.2.254.250
> 
> Thanks
> 
> On 8/22/07, Matt Zagrabelny <mzagrabe at d.umn.edu> wrote:
> > On Wed, 2007-08-22 at 15:27 -0400, Blurry wrote:
> > > I am not sure what to expect from tcpdump, but I don't see much that
> > > matches between the log file and the tcpdump file except hostnames
> > > and timestamps.
> >
> > try this on the syslog-ng host:
> >
> > # tcpdump -s0 -w /tmp/syslog-ng.dump dst port 514
> >
> > then attach the dump file in an email.
> >
> > --
> > Matt Zagrabelny - mzagrabe at d.umn.edu - (218) 726 8844
> > University of Minnesota Duluth
> > Information Technology Systems & Services
> > PGP key 1024D/84E22DA2 2005-11-07
> > Fingerprint: 78F9 18B3 EF58 56F5 FC85  C5CA 53E7 887F 84E2 2DA2
> >
> >
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- 
Matt Zagrabelny - mzagrabe at d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85  C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot
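The stream Blurry pasted shows the usual shape of Cisco syslog over TCP: every record begins with a `<PRI>` tag and (with `service sequence-numbers` on the router) a counter such as `47303:`, but nothing terminates it, so consecutive records arrive glued together in one TCP segment and a newline-framed receiver sees one huge message. The following is an added example, not code from the thread or from syslog-ng, that shows how to re-frame such a stream on the leading `<PRI>` tag, carry the unfinished tail across TCP reads (a record is only known to be complete when the next tag arrives), decode facility/severity, and use the Cisco sequence counter to spot dropped records. The sample bytes are constructed to mirror the quoted capture; the function names are mine.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample modelled on the stream quoted in the thread: three Cisco
# records, each starting with <PRI> and a sequence number, with no newline
# between them, exactly as they would sit inside one TCP segment.
SAMPLE = (
    b"<47>47303: Aug 22 16:47:56.298 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250"
    b"<47>47304: Aug 22 16:47:56.298 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250"
    b"<47>47305: Aug 22 16:47:56.302 EDT: ICMP: echo reply rcvd, src 77.22.0.202, dst 155.2.254.250"
)

PRI_RE = re.compile(rb"<(\d{1,3})>")
# <PRI>, optional Cisco "NNNN: " sequence prefix, then the rest of the record.
RECORD_RE = re.compile(rb"^<(\d{1,3})>(?:(\d+):\s*)?(.*)$", re.DOTALL)


def split_pri_framed(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Split a buffer into records delimited by the next '<PRI>' tag.

    Returns (complete_records, remainder). The bytes from the last tag onward
    are returned as the remainder, because without a terminator the last
    record cannot be known complete until the following tag is read.
    """
    starts = [m.start() for m in PRI_RE.finditer(buf)]
    if not starts:
        return [], buf
    records = [buf[a:b] for a, b in zip(starts, starts[1:])]
    if starts[0] > 0:
        # Bytes before the first tag are a headless fragment (mid-record cut);
        # keep them so nothing is silently dropped. parse_record() rejects them.
        records.insert(0, buf[:starts[0]])
    return records, buf[starts[-1]:]


def parse_record(rec: bytes) -> Optional[Dict]:
    """Decode one record into PRI, facility, severity, Cisco sequence and text."""
    m = RECORD_RE.match(rec)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 severities - 1 is the largest legal PRI
        return None
    return {
        "pri": pri,
        "facility": pri >> 3,   # <47> -> facility 5 (syslog)
        "severity": pri & 7,    # <47> -> severity 7 (debug)
        "seq": int(m.group(2)) if m.group(2) else None,
        "msg": m.group(3).decode("ascii", "replace").rstrip("\r\n"),
    }


def feed(chunks: Iterable[bytes]) -> List[Optional[Dict]]:
    """Drive the splitter over successive TCP reads, carrying the unfinished tail."""
    out: List[Optional[Dict]] = []
    pending = b""
    for chunk in chunks:
        recs, pending = split_pri_framed(pending + chunk)
        out.extend(parse_record(r) for r in recs)
    if pending:  # end of stream: whatever is left is the final record
        out.append(parse_record(pending))
    return out


def sequence_gaps(records: Iterable[Optional[Dict]]) -> List[Tuple[int, int]]:
    """Return (previous, next) pairs where the Cisco sequence counter skipped."""
    seqs = [r["seq"] for r in records if r and r["seq"] is not None]
    return [(a, b) for a, b in zip(seqs, seqs[1:]) if b != a + 1]


if __name__ == "__main__":
    # Simulate the segment arriving in two reads, cut in the middle of a record.
    for r in feed([SAMPLE[:100], SAMPLE[100:]]):
        print(r)
    print("gaps:", sequence_gaps(feed([SAMPLE])))
```

The splitter is deliberately tolerant: a read that ends mid-record is held back and joined with the next read, which is the case the `77.22.0F` / `.202` split in the quoted output hints at. The sequence check only means something when the router stamps every record with `service sequence-numbers`; without it `seq` is `None` and the gap list stays empty.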