From owner-freebsd-questions Tue Mar 27 11:14:57 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.cfw.com (flanders.ntelos.net [216.12.0.16]) by hub.freebsd.org (Postfix) with SMTP id 82AE637B720 for ; Tue, 27 Mar 2001 11:14:52 -0800 (PST) (envelope-from freebsd@intelos.net)
Received: (qmail 26228 invoked from network); 27 Mar 2001 14:14:51 -0500
Received: from unknown (HELO localhost) (127.0.0.1) by flanders.intelos.net with SMTP; 27 Mar 2001 14:14:51 -0500
Date: Tue, 27 Mar 2001 14:14:51 -0500 (EST)
From: Ashby Gochenour
To: Edwin Groothuis
Cc: freebsd-questions@FreeBSD.ORG, ashbyg@ntelos.net
Subject: Re: syslogd and cisco
In-Reply-To: <20010327195758.G490@cgmd76206.chello.nl>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Edwin and All,

Thank you for the reply.

> tcpdump port syslog
> tcpdump -lenXs 1500 port syslog

Running this did produce a log coming from the router that I saw through tcpdump. This still did not get logged to my router.log file.

I've been watching this and see that UDP varies from 93 to 88 and back. Is this 93 and 88 a port, or what does it signify?

14:08:56.678016 0:2:fd:1:4c:a0 0:50:8b:c8:19:5d 0800 135: 192.168.50.193.1480 > 192.168.50.199.514: udp 93
14:08:11.914873 0:2:fd:1:4c:a0 0:50:8b:c8:19:5d 0800 130: 192.168.50.193.1480 > 192.168.50.199.514: udp 88

Full log:

14:05:34.161607 0:2:fd:1:4c:a0 0:50:8b:c8:19:5d 0800 135: 192.168.50.193.1480 > 192.168.50.199.514: udp 93
0x0000 4500 0079 007b 0000 ff11 d41f c0a8 32c1   E..y.{........2.
0x0010 c0a8 32c7 05c8 0202 0065 9cef 3c31 3838   ..2......e..<188
0x0020 3e31 3533 3a20 3032 3a35 373a 3034 3a20   >153:.02:57:04:.
0x0030 2546 572d 342d 414c 4552 545f 4f4e 3a20   %FW-4-ALERT_ON:.
0x0040 6765 7474 696e 6720 6167 6772 6573 7369   getting.aggressi
0x0050 7665 2c20 636f 756e 7420 2832 2f35 3030   ve,.count.(2/500
0x0060 2920 6375 7272 656e 7420 312d 6d69 6e20   ).current.1-min.
0x0070 7261 7465 3a20 3530 30                    rate:.500

Any help at figuring out why I see the udp packet in tcpdump, but it is not logging to where I specify in syslogd? Is this the part where I need to take out the -a?

Thanks,
Ashby Gochenour
Unix Administration
NTELOS NOC
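Added example, not part of the original thread: the hex dump above rebuilt into bytes and walked IPv4 -> UDP -> syslog payload, so the facility/severity in the <PRI> prefix (what a syslog.conf selector for router.log has to match) can be read off the wire data. It assumes only what tcpdump already shows, that the datagram is IPv4 carrying UDP to port 514.

```python
import re

# tcpdump -lenXs 1500 hex dump of the router's datagram, copied from the message
# above (constructed input for this example; the ASCII column is left out).
HEXDUMP = """\
0x0000 4500 0079 007b 0000 ff11 d41f c0a8 32c1
0x0010 c0a8 32c7 05c8 0202 0065 9cef 3c31 3838
0x0020 3e31 3533 3a20 3032 3a35 373a 3034 3a20
0x0030 2546 572d 342d 414c 4552 545f 4f4e 3a20
0x0040 6765 7474 696e 6720 6167 6772 6573 7369
0x0050 7665 2c20 636f 756e 7420 2832 2f35 3030
0x0060 2920 6375 7272 656e 7420 312d 6d69 6e20
0x0070 7261 7465 3a20 3530 30
"""

# Syslog PRI = facility * 8 + severity (the numbering syslog.conf selectors use).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp", "ntp", "security", "console", "cron2"]
FACILITIES += ["local%d" % i for i in range(8)]          # 16..23 = local0..local7

def hexdump_to_bytes(dump):
    """Rebuild raw packet bytes from tcpdump's '0xNNNN hhhh hhhh ...' lines."""
    out = bytearray()
    for line in dump.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("0x"):
            out += bytes.fromhex("".join(fields[1:]))
    return bytes(out)

def parse_syslog_datagram(pkt):
    """Decode IPv4/UDP headers and the syslog <PRI> prefix of the payload."""
    ihl = (pkt[0] & 0x0F) * 4                            # IPv4 header length
    total_len = int.from_bytes(pkt[2:4], "big")          # whole IP datagram
    if pkt[9] != 17:                                     # protocol 17 = UDP
        raise ValueError("not a UDP datagram")
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    udp = pkt[ihl:ihl + 8]
    sport, dport, ulen = (int.from_bytes(udp[i:i + 2], "big") for i in (0, 2, 4))
    payload = pkt[ihl + 8:total_len].decode("ascii", "replace")
    m = re.match(r"<(\d{1,3})>(.*)", payload, re.S)
    if not m:
        raise ValueError("payload carries no <PRI> prefix")
    pri = int(m.group(1))
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "udp_payload_len": ulen - 8,                 # tcpdump's 'udp NN' figure
            "facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "message": m.group(2)}
```

Run `parse_syslog_datagram(hexdump_to_bytes(HEXDUMP))` to get the decoded fields; the `udp_payload_len` value is the "udp 93" tcpdump prints, the payload size in bytes, not a port number.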