Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2446
Views
0
Helpful
2
Replies

Syslog Sequence Numbering

Go to solution
michael.leblanc
Level 4
Level 4

‎10-20-2010 12:25 PM

Note: These messages have been extracted from Syslog Message Fields in a Wireshark trace file, so the leading numbers (e.g.: 86771, 86743) are not being pre-pended by the syslog server.

Example of a syslog message with "service sequence-numbers" NOT configured on the router:

86771: router: Oct 20 14:58:22.900 EDT: %FW-6-SESS_AUDIT_TRAIL_START: Start pop3 session: initiator (client-ip-addr:1904) -- responder (server-ip-addr:110)


Example of a syslog message with "service sequence-numbers" configured on the router:

86743: router: 087899: Oct 20 14:50:22.313 EDT: %FW-6-SESS_AUDIT_TRAIL: Stop pop3 session: initiator (client-ip-addr:1887) sent 50 bytes -- responder (server-ip-addr:110) sent 251 bytes


If "087899" is the sequence number in the above example, then what is "86743"?

Best Regards,

Mike

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
yjdabear
VIP Alumni
VIP Alumni

‎10-20-2010 01:25 PM

Those are "logging message-count", as explained here:

http://ieoc.com/forums/t/10711.aspx

View solution in original post

0 Helpful
2 Replies 2

Go to solution
yjdabear
VIP Alumni
VIP Alumni

‎10-20-2010 01:25 PM

Those are "logging message-count", as explained here:

http://ieoc.com/forums/t/10711.aspx

0 Helpful

Go to solution
michael.leblanc
Level 4
Level 4
In response to yjdabear

‎10-20-2010 02:08 PM

yjdabear:

Thank you for the informative response.

Best Regards,

Mike

0 Helpful
Customers Also Viewed These Support Documents