Re: pix and syslog

[Florin Andrei <florin () sgi com>]

On Fri, 2003-05-30 at 10:22, Luca Berra wrote:
> hello,
> i have a pix version 6.3.1 configured to log via syslog on an HP-UX server.
> I would like to log packets permitted by a particular rule of an
> access-list to see if i can tighten it. so i have
>
> access-list sarca permit tcp any host 4.5.6.7 log 4 interval 600
>
> in the buffer log i see something like
> 106100: access-list sarca permitted tcp sarca/1.2.3.4(3796) ->
>         inside/4.5.6.7(80) hit-cnt 1 (first hit)
>
> on the syslogserver i see:
>
> ..: %PIX-4-106100: access-list usi permitted tcp sarca/1.2.3.4(3796) ->
>
> is there any known issue on newlines and syslog?

While i cannot say for sure that there is indeed an issue with the HP-UX
version of syslog, this strikes me as a "deja-vu" type of thing. I've
seen quite a few small oddities like that while playing with various
syslog implementations.
Try and use a different syslog, maybe on a different OS, just
temporarily, just for tests.

It's been a while since i started to do some heavy syslogging with
msyslog-1.08e on Linux Red Hat 7.2, with a SQL backend, and so far there
were no issues, neither small nor big.

http://sourceforge.net/projects/msyslog/

-- 
Florin Andrei

"Good people do not need laws to tell them to act responsibly,
while bad people will find a way around the laws." - Plato

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards