Firewall Wizards mailing list archives
Re: pix and syslog
From: Luca Berra <bluca () comedia it>
Date: Tue, 3 Jun 2003 19:24:05 +0200
On Sat, May 31, 2003 at 08:28:18AM -0400, Brian Ford wrote:
Luca,Newlines? I guess I didn't see enough of your log output to get the issue? I don't know of any newlines issues.
Brian, it seems pix 6.3.1 sends a line with an embedded newline to the remote syslog, the remote syslog does not like it, and cuts the line. problem is similar to CSCdp87564 i believe i'll have to file a couple of bug reports, i post to fw-wiz in case someone else happens to stumble into this. I checked with tcpdump (address have been edited to protect the innocent, yes i edited the hex dump as well) tcpdump output: 0x0020 3e4a 756e 2030 3320 3230 3033 2031 383a >Jun.03.2003.18: 0x0030 3438 3a30 323a 2025 5049 582d 342d 3130 48:02:.%PIX-4-10 0x0040 3631 3030 3a20 6163 6365 7373 2d6c 6973 6100:.access-lis 0x0050 7420 6161 6120 7065 726d 6974 7465 6420 t.aaa.permitted. 0x0060 7463 7020 6161 612f 3130 2e31 302e 3130 tcp.aaa/10.10.10 0x0070 2e31 3028 3235 3733 2920 2d3e 200a 0969 .10(2573).->...i 0x0080 6e73 6964 652f 3130 2e32 3534 2e31 302e nside/10.254.10. 0x0090 3235 3428 3830 2920 6869 742d 636e 7420 254(80).hit-cnt. 0x00a0 3120 2866 6972 7374 2068 6974 290a 1.(first.hit). syslog entry: Jun 3 18:50:16 pix Jun 03 2003 18:48:02: %PIX-4-106100: access-list aaa permitted tcp aaa/10.10.10.10(2573) -> Regards, L. -- Luca Berra -- bluca () comedia it Communication Media & Services S.r.l. /"\ \ / ASCII RIBBON CAMPAIGN X AGAINST HTML MAIL / \ _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: pix and syslog Luca Berra (Jun 03)