Date:      Tue, 27 Mar 2001 14:14:51 -0500 (EST)
From:      Ashby Gochenour <freebsd@intelos.net>
To:        Edwin Groothuis <edwin@mavetju.org>
Cc:        freebsd-questions@FreeBSD.ORG, ashbyg@ntelos.net
Subject:   Re: syslogd and cisco
Message-ID:  <Pine.GSO.4.21.0103271408090.29727-100000@flanders.intelos.net>
In-Reply-To: <20010327195758.G490@cgmd76206.chello.nl>

Edwin and All,
Thank you for the reply.

> tcpdump port syslog
> tcpdump -lenXs 1500 port syslog

Running this did produce a log coming from the router that I saw through
tcpdump. This still did not get logged to my router.log file. I've been
watching this and see that UDP varies from 93 to 88 and back. Is this 93
and 88 a port or what does it signify?

14:08:56.678016 0:2:fd:1:4c:a0 0:50:8b:c8:19:5d 0800
135: 192.168.50.193.1480 > 192.168.50.199.514:  udp 93

14:08:11.914873 0:2:fd:1:4c:a0 0:50:8b:c8:19:5d 0800
130: 192.168.50.193.1480 > 192.168.50.199.514:  udp 88

Full log:

14:05:34.161607 0:2:fd:1:4c:a0 0:50:8b:c8:19:5d 0800
135: 192.168.50.193.1480 > 192.168.50.199.514:  udp 93
0x0000   4500 0079 007b 0000 ff11 d41f c0a8 32c1        E..y.{........2.
0x0010   c0a8 32c7 05c8 0202 0065 9cef 3c31 3838        ..2......e..<188
0x0020   3e31 3533 3a20 3032 3a35 373a 3034 3a20        >153:.02:57:04:.
0x0030   2546 572d 342d 414c 4552 545f 4f4e 3a20        %FW-4-ALERT_ON:.
0x0040   6765 7474 696e 6720 6167 6772 6573 7369        getting.aggressi
0x0050   7665 2c20 636f 756e 7420 2832 2f35 3030        ve,.count.(2/500
0x0060   2920 6375 7272 656e 7420 312d 6d69 6e20        ).current.1-min.
0x0070   7261 7465 3a20 3530 30                         rate:.500


Any help at figuring out why I see the udp packet in tcpdump, but it is
not logging to where I specify in syslogd?

Is this the part where I need to take out the -a?

Thanks,

Ashby Gochenour
Unix Administration
NTELOS
NOC
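
Added example, not part of the original message: decoding the packet bytes from the hex dump above shows what tcpdump's "udp 93" refers to and which syslog facility and severity the router's `<188>` priority maps to. The function name and the name tables (standard syslog numbering) are this example's own.

```python
import re
import struct

# Bytes copied from the tcpdump -X dump in the message (IPv4 header onward).
HEXDUMP = """
4500 0079 007b 0000 ff11 d41f c0a8 32c1
c0a8 32c7 05c8 0202 0065 9cef 3c31 3838
3e31 3533 3a20 3032 3a35 373a 3034 3a20
2546 572d 342d 414c 4552 545f 4f4e 3a20
6765 7474 696e 6720 6167 6772 6573 7369
7665 2c20 636f 756e 7420 2832 2f35 3030
2920 6375 7272 656e 7420 312d 6d69 6e20
7261 7465 3a20 3530 30
"""

# Standard syslog numbering: PRI = facility * 8 + severity.
FACILITIES = dict(enumerate(
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split()))
FACILITIES.update({16 + i: f"local{i}" for i in range(8)})
SEVERITIES = "emerg alert crit err warning notice info debug".split()


def decode_syslog_datagram(hexdump):
    """Decode an IPv4/UDP syslog datagram given as whitespace-separated hex."""
    pkt = bytes.fromhex("".join(hexdump.split()))
    if len(pkt) < 28 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("not an IPv4 UDP packet")
    ihl = (pkt[0] & 0x0F) * 4                     # IP header length in bytes
    sport, dport, udp_len = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    payload = pkt[ihl + 8:ihl + udp_len]          # UDP header is 8 bytes
    m = re.match(rb"<(\d{1,3})>", payload)
    if not m:
        raise ValueError("payload does not start with a syslog <PRI>")
    pri = int(m.group(1))
    return {
        "src": ".".join(map(str, pkt[12:16])),
        "dst": ".".join(map(str, pkt[16:20])),
        "sport": sport,
        "dport": dport,
        "payload_len": len(payload),              # tcpdump prints this as "udp N"
        "facility": FACILITIES.get(pri >> 3, f"facility{pri >> 3}"),
        "severity": SEVERITIES[pri & 7],
        "text": payload[m.end():].decode("ascii", "replace"),
    }


if __name__ == "__main__":
    for key, value in decode_syslog_datagram(HEXDUMP).items():
        print(f"{key:12} {value}")
```

For this datagram to reach router.log, the syslog.conf selector has to match local7 at warning level. FreeBSD syslogd's `-a` peer rule also defaults to requiring the sender's source port to be the syslog port unless a service of `*` is given, and this packet was sent from port 1480.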

