Solved: Syslog Sequence Numbering

michael.leblanc · ‎10-20-2010

Note: These messages have been extracted from Syslog Message Fields in a Wireshark trace file, so the leading numbers (e.g.: 86771, 86743) are not being pre-pended by the syslog server.

Example of a syslog message with "service sequence-numbers" NOT configured on the router:

86771: router: Oct 20 14:58:22.900 EDT: %FW-6-SESS_AUDIT_TRAIL_START: Start pop3 session: initiator (client-ip-addr:1904) -- responder (server-ip-addr:110)

Example of a syslog message with "service sequence-numbers" configured on the router:

86743: router: 087899: Oct 20 14:50:22.313 EDT: %FW-6-SESS_AUDIT_TRAIL: Stop pop3 session: initiator (client-ip-addr:1887) sent 50 bytes -- responder (server-ip-addr:110) sent 251 bytes

If "087899" is the sequence number in the above example, then what is "86743"?

Best Regards,

Mike

yjdabear · ‎10-20-2010

Those are "logging message-count", as explained here:

http://ieoc.com/forums/t/10711.aspx

View solution in original post

yjdabear · ‎10-20-2010

Those are "logging message-count", as explained here:

http://ieoc.com/forums/t/10711.aspx

michael.leblanc · ‎10-20-2010

yjdabear:

Thank you for the informative response.

Best Regards,

Mike