Firewall Wizards mailing list archives
Re: pix and syslog
From: Luca Berra <bluca () comedia it>
Date: Tue, 3 Jun 2003 19:24:05 +0200
On Sat, May 31, 2003 at 08:28:18AM -0400, Brian Ford wrote:
Luca,Newlines? I guess I didn't see enough of your log output to get the issue? I don't know of any newlines issues.
Brian, it seems pix 6.3.1 sends a line with an embedded newline to the
remote syslog, the remote syslog does not like it, and cuts the line.
problem is similar to CSCdp87564
i believe i'll have to file a couple of bug reports, i post to fw-wiz in
case someone else happens to stumble into this.
I checked with tcpdump (address have been edited to protect the
innocent, yes i edited the hex dump as well)
tcpdump output:
0x0020 3e4a 756e 2030 3320 3230 3033 2031 383a >Jun.03.2003.18:
0x0030 3438 3a30 323a 2025 5049 582d 342d 3130 48:02:.%PIX-4-10
0x0040 3631 3030 3a20 6163 6365 7373 2d6c 6973 6100:.access-lis
0x0050 7420 6161 6120 7065 726d 6974 7465 6420 t.aaa.permitted.
0x0060 7463 7020 6161 612f 3130 2e31 302e 3130 tcp.aaa/10.10.10
0x0070 2e31 3028 3235 3733 2920 2d3e 200a 0969 .10(2573).->...i
0x0080 6e73 6964 652f 3130 2e32 3534 2e31 302e nside/10.254.10.
0x0090 3235 3428 3830 2920 6869 742d 636e 7420 254(80).hit-cnt.
0x00a0 3120 2866 6972 7374 2068 6974 290a 1.(first.hit).
syslog entry:
Jun 3 18:50:16 pix Jun 03 2003 18:48:02: %PIX-4-106100: access-list aaa permitted tcp aaa/10.10.10.10(2573) ->
Regards,
L.
--
Luca Berra -- bluca () comedia it
Communication Media & Services S.r.l.
/"\
\ / ASCII RIBBON CAMPAIGN
X AGAINST HTML MAIL
/ \
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: pix and syslog Luca Berra (Jun 03)