Dear Brian,

Thanx for the explanation. I am using the documentation of PIX version 6.0 and above from this site:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a00800891c4.html

I think, then even in the version 6 documentation, they have not correctly specified it.

Best Regards
Wajih-ur-Rehman

----- Original Message -----
From: "Brian Ford" <brfordat_private>
To: "Wajih-ur-Rehman" <wrehmanat_private>
Cc: <loganalysisat_private>
Sent: Friday, July 18, 2003 12:40 AM
Subject: Re: [logs] regarding %PIX-6-302006:

> Wajih-ur-Rehman,
>
> What version of the PIX documentation are you looking at? The reason I ask
> is that this is a known bug in the PIX documentation from version 5.3.
>
> If you look in the documentation you may see that the text for Syslog
> messages 302002 and 302006 have exactly the same description.
>
> The PIX does not compute duration or bytes for a UDP connection. The PIX
> builds a state table entry for UDP connections - based on SRC IP & Port;
> DST IP and Port. There is no concept of an individual "session" for UDP
> connection. The PIX just starts a timer after each packet it sees between
> a single ip and port and another ip and port. If multiple UDP sessions
> were established between two peers (same IPs and port numbers) the PIX
> cannot tell each session apart.
>
> Liberty for All,
>
> Brian
>
>
> At 05:48 PM 7/16/2003 +0500, Wajih-ur-Rehman wrote:
> >Hello all,
> >
> >I am trying to analyze PIX (6.1) logs. I am facing a problem regarding the
> >following:
> >
> >%PIX-6-302006: Teardown UDP connection for faddr faddr/fport gaddr
> >gaddr/gport laddr laddr/lport
> >
> >Explanation This is a connection-related message. This message is logged
> >when a UDP connection is terminated. The duration and byte count for the
> >session are reported. If the connection required authentication, the
> >username is also reported in the last field of the message. This message is
> >used by the PIX Firewall Manager to generate reports.
> >
> >The explanation says, that it logs the duration and bytes as well but in my
> >logs, I don't find even a single entry with duration and bytes. Any help
> >would be greatly appreciated.
> >
> >Best Regards
> >Wajih-ur-Rehman
> >
> >_______________________________________________
> >LogAnalysis mailing list
> >LogAnalysisat_private
> >http://lists.shmoo.com/mailman/listinfo/loganalysis
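For log analysts hitting the same mismatch, the following is an added example (not part of the original thread and not Cisco code) of a 302006 parser that follows the message template quoted above and treats duration and byte count as optional rather than required. The sample lines, their timestamp prefix, and the `duration ... bytes ...` suffix layout are constructed assumptions; the function names are hypothetical.

```python
import re
from collections import Counter

# Template from the thread:
#   Teardown UDP connection for faddr A/P gaddr A/P laddr A/P
# The optional "duration H:MM:SS bytes N" suffix is an ASSUMED layout, included
# only so a line carrying those fields would not break the parser.
PIX_302006 = re.compile(
    r"%PIX-6-302006: Teardown UDP connection for "
    r"faddr (?P<faddr>[^/\s]+)/(?P<fport>\d+) "
    r"gaddr (?P<gaddr>[^/\s]+)/(?P<gport>\d+) "
    r"laddr (?P<laddr>[^/\s]+)/(?P<lport>\d+)"
    r"(?: duration (?P<duration>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+))?"
)

def parse_302006(line):
    """Return a dict for a 302006 line, or None if the line is something else."""
    m = PIX_302006.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("fport", "gport", "lport"):
        rec[key] = int(rec[key])
    # Absent statistics stay None; they are never defaulted to 0.
    rec["bytes"] = int(rec["bytes"]) if rec["bytes"] is not None else None
    return rec

def summarize(lines):
    """Count teardowns per (faddr, fport, laddr, lport) state-table key."""
    flows, no_stats, skipped = Counter(), 0, 0
    for line in lines:
        rec = parse_302006(line)
        if rec is None:
            skipped += 1
            continue
        flows[(rec["faddr"], rec["fport"], rec["laddr"], rec["lport"])] += 1
        if rec["duration"] is None:
            no_stats += 1
    return flows, no_stats, skipped

# Constructed sample input (documentation address ranges, invented timestamps).
SAMPLE = [
    "Jul 16 2003 17:48:01: %PIX-6-302006: Teardown UDP connection for faddr 192.0.2.53/53 gaddr 198.51.100.10/1025 laddr 10.0.0.10/1025",
    "Jul 16 2003 17:52:40: %PIX-6-302006: Teardown UDP connection for faddr 192.0.2.53/53 gaddr 198.51.100.10/1025 laddr 10.0.0.10/1025",
    "Jul 16 2003 17:53:02: %PIX-6-302006: Teardown UDP connection for faddr 192.0.2.123/123 gaddr 198.51.100.11/123 laddr 10.0.0.11/123",
    "Jul 16 2003 17:53:05: constructed line that is not a 302006 message",
]
```

The two identical flows in the sample collapse to one key with a count of 2, which is all an analyzer can say about them: per the reply above, the PIX itself cannot tell such UDP sessions apart.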
This archive was generated by hypermail 2b30 : Fri Jul 18 2003 - 12:41:40 PDT