[prev in list] [next in list] [prev in thread] [next in thread]
List: loganalysis
Subject: Re: [logs] regarding %PIX-6-302006:
From: "Wajih-ur-Rehman" <wrehman () imperialsoft ! com ! pk>
Date: 2003-07-18 6:43:15
[Download RAW message or body]
Dear Brian,
Thanx for the explanation.
I am using the documentation of PIX version 6.0 and above from this site:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a00800891c4.html
I think, then even in the version 6 documentation, they have not correctly
specified it.
Best Regards
Wajih-ur-Rehman
----- Original Message -----
From: "Brian Ford" <brford@cisco.com>
To: "Wajih-ur-Rehman" <wrehman@imperialsoft.com.pk>
Cc: <loganalysis@lists.shmoo.com>
Sent: Friday, July 18, 2003 12:40 AM
Subject: Re: [logs] regarding %PIX-6-302006:
> Wajih-ur-Rehman,
>
> What version of the PIX documentation are you looking at? The reason I
ask
> is that this is a known bug in the PIX documentation from version 5.3.
>
> If you look in the documentation you may see that the text for Syslog
> messages 302002 and 302006 have exactly the same description.
>
> The PIX does not compute duration or bytes for a UDP connection. The PIX
> builds a state table entry for UDP connections - based on SRC IP & Port;
> DST IP and Port. There is no concept of an individual "session" for UDP
> connection. The PIX just starts a timer after each packet it sees
between
> a single ip and port and another ip and port. If multiple UDP sessions
> were established between two peers (same IPs and port numbers) the PIX
> cannot tell each session apart.
>
> Liberty for All,
>
> Brian
>
>
> At 05:48 PM 7/16/2003 +0500, Wajih-ur-Rehman wrote:
> > Hello all,
> >
> > I am trying to analyze PIX (6.1) logs. I am facing a problem regarding
the
> > following:
> >
> > %PIX-6-302006: Teardown UDP connection for faddr faddr/fport gaddr
> > gaddr/gport laddr laddr/lport
> >
> > Explanation This is a connection-related message. This message is
logged
> > when a UDP connection is terminated. The duration and byte count for the
> > session are reported. If the connection required authentication, the
> > username is also reported in the last field of the message. This message
is
> > used by the PIX Firewall Manager to generate reports.
> >
> > The explanation says, that it logs the duration and bytes as well but in
my
> > logs, i dont find even a single entry with duration and bytes. Any help
> > would be greatly appreciated.
> >
> > Best Regards
> > Wajih-ur-Rehman
> >
> > _______________________________________________
> > LogAnalysis mailing list
> > LogAnalysis@lists.shmoo.com
> > http://lists.shmoo.com/mailman/listinfo/loganalysis
>
_______________________________________________
LogAnalysis mailing list
LogAnalysis@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/loganalysis
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic