Operating System - HP-UX

Re: confused by some information in syslog.log

 
lin.chen
Frequent Advisor

confused by some information in syslog.log

Who can tell me which daemon or software will produce the following information in syslog.log?
------------------------------------------
Mar 19 16:15:59 gateway date=2007-03-19 time=16:13:16 devname=FG100A2106400379 device_id=FG100A2106400379 log_id=0021010001 type=traffic subtype=allowed pri=notice vd=root SN=4278820 duration=180 user=N/A group=N/A policyid=33 proto=17 service=53/udp app_type=N/A status=accept src=192.168.1.32 srcname=192.168.1.32 dst=202.133.242.196 dstname=202.133.242.196 src_int=internal dst_int=wan1 sent=127 rcvd=159 sent_pkt=2 rcvd_pkt=2 src_port=1046 dst_port=53 vpn=N/A tran_ip=61.221.178.12 tran_port=1046 dir_disp=org tran_disp=snat
--------------------------------------------
What does it mean? Is there some way to eliminate the boring message?
Thanks a lot!
Peter Godron
Honored Contributor

Re: confused by some information in syslog.log

Hi,
check your /etc/syslog.conf for the type of error/info going to syslog.log.


lin.chen
Frequent Advisor

Re: confused by some information in syslog.log

Thanks Peter, following is my syslog.conf
----------------------------------------
# @(#)B.11.11_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
-------------------------------------------
It seems a normal file. Is there something wrong?
Ivan Krastev
Honored Contributor

Re: confused by some information in syslog.log

It looks like some device (firewall) is configured to log to this syslog server. Check for devices - devname=FG100A2106400379 device_id=FG100A2106400379

regards,
ivan
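
To see which remote devices are writing into syslog.log, as the reply above suggests, this added example (not part of the thread) tallies key=value records by the sending host field and `devname`. The function name `remote_senders` and the sample records are constructed for illustration; the record layout is the one in the line quoted in the question.

```shell
#!/bin/sh
# Added example (not from the thread): list which remote devices are
# writing key=value records into a syslog file, using the record layout
# of the line quoted in the question.

# remote_senders FILE   (hypothetical helper name)
# Output, most frequent first: "COUNT HOST DEVNAME TYPE/SUBTYPE"
remote_senders() {
    awk '
    {
        host = $4; dev = ""; typ = "-"; sub_t = "-"
        # Fields after the syslog header are key=value pairs.
        for (i = 5; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            if (key == "devname") dev = val
            else if (key == "type") typ = val
            else if (key == "subtype") sub_t = val
        }
        # Lines without devname= are ordinary local messages: skip them.
        if (dev != "") n[host " " dev " " typ "/" sub_t]++
    }
    END { for (k in n) print n[k], k }' "$1" | sort -rn
}

# Constructed sample: two abbreviated copies of the record from the
# question plus one ordinary local daemon line.
sample=${TMPDIR:-/tmp}/syslog_sample.$$
cat > "$sample" <<'EOF'
Mar 19 16:15:59 gateway date=2007-03-19 time=16:13:16 devname=FG100A2106400379 type=traffic subtype=allowed status=accept dst_port=53
Mar 19 16:16:04 gateway date=2007-03-19 time=16:13:21 devname=FG100A2106400379 type=traffic subtype=allowed status=accept dst_port=53
Mar 19 16:16:10 hpux1 inetd[1234]: constructed local message
EOF
remote_senders "$sample"
rm -f "$sample"
```

Run against the real file with `remote_senders /var/adm/syslog/syslog.log`; the host column is the name the sender reported in the syslog header.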
lin.chen
Frequent Advisor

Re: confused by some information in syslog.log

Hello Ivan,
Could you give me some detailed information?
What does the devname mean? How can I check it in the system?
Where can I configure the firewall?
Thanks a lot!
Ivan Krastev
Honored Contributor

Re: confused by some information in syslog.log

This looks like a FortiGate firewall - http://www.fortinet.com

Check with your network team for any newly installed/configured firewalls.

regards,
ivan
Ivan Krastev
Honored Contributor

Re: confused by some information in syslog.log

And you can filter which hosts have access to your syslog server via /etc/syslog.auth - http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/V50_HTML/MAN/MAN4/0239____.HTM

If this file is empty then all hosts have access.

regards,
ivan