
List:       loganalysis
Subject:    Re: [logs] regarding %PIX-6-302006:
From:       "Wajih-ur-Rehman" <wrehman () imperialsoft ! com ! pk>
Date:       2003-07-18 6:43:15

Dear Brian,

Thanks for the explanation.

I am using the documentation of PIX version 6.0 and above from this site:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a00800891c4.html


I think, then even in the version 6 documentation, they have not correctly
specified it.

Best Regards
Wajih-ur-Rehman





----- Original Message ----- 
From: "Brian Ford" <brford@cisco.com>
To: "Wajih-ur-Rehman" <wrehman@imperialsoft.com.pk>
Cc: <loganalysis@lists.shmoo.com>
Sent: Friday, July 18, 2003 12:40 AM
Subject: Re: [logs] regarding %PIX-6-302006:


> Wajih-ur-Rehman,
> 
> What version of the PIX documentation are you looking at?  The reason I ask
> is that this is a known bug in the PIX documentation from version 5.3.
> 
> If you look in the documentation you may see that the text for Syslog
> messages 302002 and 302006 have exactly the same description.
> 
> The PIX does not compute duration or bytes for a UDP connection.  The PIX
> builds a state table entry for UDP connections - based on SRC IP & Port;
> DST IP and Port.   There is no concept of an individual "session" for UDP
> connection.   The PIX just starts a timer after each packet it sees between
> a single ip and port and another ip and port.  If multiple UDP sessions
> were established between two peers (same IPs and port numbers) the PIX
> cannot tell each session apart.
> 
> Liberty for All,
> 
> Brian
> 
> 
> At 05:48 PM 7/16/2003 +0500, Wajih-ur-Rehman wrote:
> > Hello all,
> > 
> > I am trying to analyze PIX (6.1) logs. I am facing a problem regarding the
> > following:
> > 
> > %PIX-6-302006: Teardown UDP connection for faddr faddr/fport gaddr
> > gaddr/gport laddr laddr/lport
> > 
> > Explanation   This is a connection-related message. This message is logged
> > when a UDP connection is terminated. The duration and byte count for the
> > session are reported. If the connection required authentication, the
> > username is also reported in the last field of the message. This message is
> > used by the PIX Firewall Manager to generate reports.
> > 
> > The explanation says, that it logs the duration and bytes as well but in my
> > logs, I don't find even a single entry with duration and bytes. Any help
> > would be greatly appreciated.
> > 
> > Best Regards
> > Wajih-ur-Rehman
> > 
> > _______________________________________________
> > LogAnalysis mailing list
> > LogAnalysis@lists.shmoo.com
> > http://lists.shmoo.com/mailman/listinfo/loganalysis
> 
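A parser for the 302006 layout quoted in this thread, added here as an example and not code from either poster or from Cisco. It treats the documented duration/bytes/(user) tail as optional (an assumption, since the thread reports the PIX does not emit it for UDP) and counts teardowns per address/port pair; the timestamp prefix and sample lines are constructed.

```python
import re
from collections import Counter

# Field layout taken from the message text quoted in the thread. The optional
# duration/bytes/(user) tail is what the documentation describes; accepting it
# as optional is an assumption so that either form of the record parses.
TEARDOWN_UDP = re.compile(
    r"%PIX-6-302006: Teardown UDP connection for "
    r"faddr (?P<faddr>\S+)/(?P<fport>\d+) "
    r"gaddr (?P<gaddr>\S+)/(?P<gport>\d+) "
    r"laddr (?P<laddr>\S+)/(?P<lport>\d+)"
    r"(?: duration (?P<duration>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+))?"
    r"(?: \((?P<user>[^)]*)\))?\s*$"
)

def parse_teardown_udp(line):
    """Return a dict of fields, or None if the line is not a 302006 record."""
    m = TEARDOWN_UDP.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("fport", "gport", "lport"):
        rec[key] = int(rec[key])
    rec["bytes"] = int(rec["bytes"]) if rec["bytes"] is not None else None
    return rec

def flow_key(rec):
    """State-table key as described in the thread: address/port on each side."""
    return (rec["faddr"], rec["fport"], rec["laddr"], rec["lport"])

def teardowns_per_flow(lines):
    """Count teardown events per address/port pair; no per-session data exists."""
    recs = (parse_teardown_udp(l) for l in lines)
    return Counter(flow_key(r) for r in recs if r is not None)

# Constructed sample lines (documentation-range addresses), not real logs.
SAMPLE = [
    "Jul 16 2003 17:40:01: %PIX-6-302006: Teardown UDP connection for faddr 192.0.2.53/53 gaddr 198.51.100.7/1030 laddr 10.0.0.7/1030",
    "Jul 16 2003 17:44:09: %PIX-6-302006: Teardown UDP connection for faddr 192.0.2.53/53 gaddr 198.51.100.7/1030 laddr 10.0.0.7/1030",
    "Jul 16 2003 17:45:12: %PIX-6-302006: Teardown UDP connection for faddr 192.0.2.10/123 gaddr 198.51.100.8/123 laddr 10.0.0.8/123",
]

if __name__ == "__main__":
    for flow, n in teardowns_per_flow(SAMPLE).items():
        print(flow, n)
```

Because the record carries no duration or byte count, the only per-flow figure a report can derive from these lines is how often each address/port pair timed out.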
