Operating System - HP-UX

confused by some information in syslog.log

 
lin.chen
Frequent Advisor

Who can tell me which daemon or software will produce the following information in syslog.log?
------------------------------------------
Mar 19 16:15:59 gateway date=2007-03-19 time=16:13:16 devname=FG100A2106400379 device_id=FG100A2106400379 log_id=0021010001 type=traffic subtype=allowed pri=notice vd=root SN=4278820 duration=180 user=N/A group=N/A policyid=33 proto=17 service=53/udp app_type=N/A status=accept src=192.168.1.32 srcname=192.168.1.32 dst=202.133.242.196 dstname=202.133.242.196 src_int=internal dst_int=wan1 sent=127 rcvd=159 sent_pkt=2 rcvd_pkt=2 src_port=1046 dst_port=53 vpn=N/A tran_ip=61.221.178.12 tran_port=1046 dir_disp=org tran_disp=snat
--------------------------------------------
What does it mean? Is there some way to eliminate the boring message?
Thanks a lot!
6 REPLIES
Peter Godron
Honored Contributor

Re: confused by some information in syslog.log

Hi,
Check your /etc/syslog.conf for the type of error/info going to syslog.log.


lin.chen
Frequent Advisor

Re: confused by some information in syslog.log

Thanks Peter, following is my syslog.conf
----------------------------------------
# @(#)B.11.11_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

-------------------------------------------
It seems a normal file. Is there something wrong?
Ivan Krastev
Honored Contributor

Re: confused by some information in syslog.log

It looks like some device (firewall) is configured to log to this syslog server. Check for devices - devname=FG100A2106400379 device_id=FG100A2106400379

regards,
ivan
lin.chen
Frequent Advisor

Re: confused by some information in syslog.log

Hello Ivan,
Could you give me some detailed information?
What does the devname mean? How can I check it in the system?
Where can I config the firewall?
Thanks a lot!
Ivan Krastev
Honored Contributor

Re: confused by some information in syslog.log

This looks like a FortiGate firewall - http://www.fortinet.com

Check with your network team for any newly installed/configured firewalls.

regards,
ivan
Ivan Krastev
Honored Contributor

Re: confused by some information in syslog.log

And you can filter which hosts have access to your syslog server via /etc/syslog.auth - http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/V50_HTML/MAN/MAN4/0239____.HTM

If this file is empty then all hosts have access.

regards,
ivan
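
The diagnosis in the replies above can be confirmed from the log itself: the fourth syslog field is the sending host, and the rest of the firewall line is a run of key=value pairs. The following is an added example, not code from the thread; the local hostname `hpux01` and the second sample line are constructed assumptions, and the first sample line is the one quoted in the question.

```python
import re
from collections import Counter

# Sample input: line 1 is the entry quoted in the thread; line 2 is a
# constructed local-daemon entry for contrast (hostname hpux01 is hypothetical).
SAMPLE = [
    "Mar 19 16:15:59 gateway date=2007-03-19 time=16:13:16 devname=FG100A2106400379 device_id=FG100A2106400379 log_id=0021010001 type=traffic subtype=allowed pri=notice vd=root SN=4278820 duration=180 user=N/A group=N/A policyid=33 proto=17 service=53/udp app_type=N/A status=accept src=192.168.1.32 srcname=192.168.1.32 dst=202.133.242.196 dstname=202.133.242.196 src_int=internal dst_int=wan1 sent=127 rcvd=159 sent_pkt=2 rcvd_pkt=2 src_port=1046 dst_port=53 vpn=N/A tran_ip=61.221.178.12 tran_port=1046 dir_disp=org tran_disp=snat",
    "Mar 19 16:16:02 hpux01 inetd[1234]: constructed local message",
]

# "Mon DD HH:MM:SS host rest-of-message"
HEADER = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(.*)$")
# key=value, where the value may be double-quoted and contain spaces
PAIR = re.compile(r'(\w+)=("[^"]*"|\S*)')


def parse_line(line):
    """Split one syslog line into timestamp, sending host and key=value fields."""
    m = HEADER.match(line)
    if m is None:
        return None  # not a standard syslog line; skip rather than guess
    stamp, host, body = m.groups()
    fields = {k: v.strip('"') for k, v in PAIR.findall(body)}
    return {"stamp": stamp, "host": host, "fields": fields}


def remote_senders(lines, local_host):
    """Count entries per (sending host, devname) for hosts other than local_host."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["host"] == local_host:
            continue
        counts[(rec["host"], rec["fields"].get("devname", "?"))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (host, dev), n in remote_senders(SAMPLE, "hpux01").items():
        print(f"{n} line(s) from remote host {host!r}, devname={dev}")
```

Run against the real /var/adm/syslog/syslog.log, every host reported here is a device sending to this syslog server over the network rather than a local daemon.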