The message is referring to a packet:

Destination 160.16.10.2 destination_port 161 (SNMP) Source 160.16.6.15
source_port 0 (!) ip_protocol 11 (UDP)

I might have got the source/destination the wrong way...

What is rather strange is the port = 0, this is not normal - it might be
what it is complaining about.

I assume this is an IPSO platform, if so try looking for the offending
packets - tcpdump -ieth-s1p1 port 0

Obviously you will have to select the correct interface.

Good luck

Derin




-----Original Message-----
From: Crist Clark [mailto:crist.clark@;GLOBALSTAR.COM]
Sent: 17 October 2002 18:27
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Help with syslog stuff


> Lenny Sanchez wrote:
>
> I'm getting this echoed to me at the command prompt:
> Oct 17 10:18:16 <firewall> [LOG_CRIT] kernel:   <a010a02,a1,a01060e,0,11;0,4000,0>  <0 : =0 22>

I'm going to guess that that is a Linux system it is running on?

> It was mentioned to me that it's the state tables syncing.  If I do a
> man syslog, I get no manual entry for syslog.

What Linux are you running? Try manpages for "syslogd" and
"syslog.conf".

> But,  if I cat the /var/log/messages file on one firewall, the data is
> being written to it.

So is that Linux? Or Nokia? It's probably not Solaris.

> The other firewall, it's not.  How can I make it so it echoes to a
> specific log file for both, and stops annoyingly echoing to the
> command line.  I tried to make changes to the properties, log and
> alerts tab, but not successful.

As has already been pointed out, you need to have a look at the
syslog.conf files. I believe Check Point just uses the LOG_KERN facility
("kern" in the syslog.conf), and as your log message shows, these
specific messages are level LOG_CRIT ("crit"). Direct them to wherever
you want in the syslog.conf.
--
Crist J. Clark                               [EMAIL PROTECTED]
Globalstar Communications                                (408) 933-4387


=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
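Added example, not part of either message above: a Python decoder for the five hex fields of the kernel log tuple quoted in the thread, plus a capture filter for the logged flow. It assumes each address field is one 32-bit value printed in hex with leading zeros dropped (so `a010a02` reads as 10.1.10.2) and keeps the reply's destination-first field order; the function names are hypothetical.

```python
import ipaddress
import re

# Log line as quoted in the thread, rejoined onto one line.
SAMPLE = ("Oct 17 10:18:16 <firewall> [LOG_CRIT] kernel:   "
          "<a010a02,a1,a01060e,0,11;0,4000,0>  <0 : =0 22>")

# Five comma-separated hex fields closed by ';'. The fields after ';' are
# not interpreted anywhere in the thread and are ignored here.
TUPLE_RE = re.compile(r"<([0-9a-f]{1,8}),([0-9a-f]{1,4}),([0-9a-f]{1,8}),"
                      r"([0-9a-f]{1,4}),([0-9a-f]{1,2});", re.IGNORECASE)

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def decode_kernel_tuple(line):
    """Return the decoded 5-tuple from a log line, or None if absent."""
    m = TUPLE_RE.search(line)
    if m is None:
        return None
    addr_a, port_a, addr_b, port_b, proto = (int(f, 16) for f in m.groups())
    return {
        # Assumption: the first address/port pair is the destination, as
        # read in the reply, which notes the order may be reversed.
        "dst": str(ipaddress.IPv4Address(addr_a)),
        "dst_port": port_a,
        "src": str(ipaddress.IPv4Address(addr_b)),
        "src_port": port_b,
        "proto_num": proto,
        "proto": PROTO_NAMES.get(proto, str(proto)),
        # Port 0 is reserved; the reply flags it as the abnormal field.
        "port_zero": 0 in (port_a, port_b),
    }


def capture_filter(pkt):
    """Build a tcpdump filter expression that isolates the logged flow."""
    hosts = f"host {pkt['src']} and host {pkt['dst']}"
    if pkt["proto"] in ("tcp", "udp"):
        return f"{pkt['proto']} and {hosts} and port {pkt['dst_port']}"
    return f"ip proto {pkt['proto_num']} and {hosts}"


if __name__ == "__main__":
    decoded = decode_kernel_tuple(SAMPLE)
    print(decoded)
    print(capture_filter(decoded))
```
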

