[logs] CISCO Pix via syslog on Solaris

From: Raffael Marty (raffael.marty@private)
Date: Mon Nov 10 2003 - 16:39:37 PST

    I found this CISCO Pix message in a Solaris syslog:
    
    Nov  3 18:00:16 [10.0.111.10.2.2] %PIX-3-106011: Deny inbound (No xlate) icmp src outside:212.212.212.212 dst outside:212.212.212.213 (type 8, code 0)
    
    I never saw the "[10.0.111.10.2.2]" part before! What is the 2.2 part after the IP and why does the entry not contain the hostname (just like normal syslog entries) instead of the bracket-thing? Is this something specific to Solaris? How can I change that setting?
    
    Thanks
    
    	-Raffy
    
    -- 
    
    Raffael Marty, CISSP                          raffael.marty@private
    Security Engineer                           Content Team @ ArcSight Inc.
    1309 South Mary Ave.         Sunnyvale, CA 94087          (408) 328 5562
    
    
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysis@private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    


