Firewall Wizards mailing list archives
Re: pix and syslog
From: Florin Andrei <florin () sgi com>
Date: 30 May 2003 14:17:08 -0700
On Fri, 2003-05-30 at 10:22, Luca Berra wrote:
> Hello, I have a PIX version 6.3.1 configured to log via syslog on an
> HP-UX server. I would like to log packets permitted by a particular
> rule of an access-list to see if I can tighten it.
>
> So I have
> access-list sarca permit tcp any host 4.5.6.7 log 4 interval 600
>
> In the buffer log I see something like
> 106100: access-list sarca permitted tcp sarca/1.2.3.4(3796) -> inside/4.5.6.7(80) hit-cnt 1 (first hit)
>
> On the syslog server I see:
> ..: %PIX-4-106100: access-list usi permitted tcp sarca/1.2.3.4(3796) ->
>
> Is there any known issue on newlines and syslog?

While I cannot say for sure that there is indeed an issue with the HP-UX version of syslog, this strikes me as a "deja-vu" type of thing. I've seen quite a few small oddities like that while playing with various syslog implementations.

Try and use a different syslog, maybe on a different OS, just temporarily, just for tests.

It's been a while since I started to do some heavy syslogging with msyslog-1.08e on Linux Red Hat 7.2, with a SQL backend, and so far there were no issues, neither small nor big.

http://sourceforge.net/projects/msyslog/

--
Florin Andrei

"Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." - Plato
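
When comparing syslog daemons as suggested above, a small check over the received file shows whether 106100 records arrive whole. This is an added example, not part of the thread: the pattern is derived from the buffer-log line quoted above, and the timestamps, the host name `fw`, the non-PIX line, and the idea that a cut record's remainder shows up as a bare following line are constructed assumptions.

```python
import re
from collections import Counter

# Full shape of a 106100 record, derived from the buffer-log sample in the thread.
FULL = re.compile(
    r"106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src_ip>[^(\s]+)\((?P<src_port>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst_ip>[^(\s]+)\((?P<dst_port>\d+)\) "
    r"hit-cnt (?P<hits>\d+) \((?P<note>[^)]*)\)\s*$"
)
HEAD = re.compile(r"106100: access-list \S+")  # record started, rest may be missing

# Constructed sample of what a receiving syslog file might contain.
SAMPLE = [
    "May 30 10:20:01 fw %PIX-4-106100: access-list sarca permitted tcp "
    "sarca/1.2.3.4(3796) -> inside/4.5.6.7(80) hit-cnt 1 (first hit)",
    "May 30 10:20:02 fw %PIX-4-106100: access-list sarca permitted tcp sarca/1.2.3.4(3796) ->",
    "inside/4.5.6.7(80) hit-cnt 1 (first hit)",
    "May 30 10:20:03 fw %PIX-4-106100: access-list sarca permitted tcp sarca/1.2.3.4(3797) ->",
    "May 30 10:20:04 host sshd: session opened",
]

def parse(line):
    """Return the fields of a complete 106100 record, or None."""
    m = FULL.search(line)
    return m.groupdict() if m else None

def classify(line):
    if FULL.search(line):
        return "complete"
    return "truncated" if HEAD.search(line) else "other"

def audit(lines):
    """Count complete, split (remainder on the next line) and truncated records."""
    counts, i = Counter(), 0
    while i < len(lines):
        kind = classify(lines[i])
        # Only try to rejoin with a following line that is not itself a 106100 record.
        if kind == "truncated" and i + 1 < len(lines) and classify(lines[i + 1]) == "other":
            if classify(lines[i].rstrip() + " " + lines[i + 1].strip()) == "complete":
                kind, i = "split", i + 1  # consume the continuation line
        counts[kind] += 1
        i += 1
    return dict(counts)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-zero "split" count points at the receiver breaking records at a newline, while "truncated" with no recoverable remainder means the rest of the message was dropped.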