06-01-2010 10:14 AM
It seems in the hostname field of the syslog I am getting some sort of a randomly generated number (see below). The configuration is set as syslog "Original" format and we have removed facility ID. Anyone run across this before?
May 28 00:06:13 19259262 05/27/2010 17:06:12.300 SEV=4 IKE/123 RPT=11788
XXX.XXX.XXX.XXX Group [XXXXXXXXXX] User [XXXXXXXXXX] IKE lost contact with remote peer, deleting connection (keepalive type: DPD)
May 28 00:06:13 19259264 05/27/2010 17:06:12.300 SEV=5 IKE/194 RPT=43154
XXX.XXX.XXX.XXX Group [XXXXXXXXXX] User [XXXXXXXXXX] Sending IKE Delete With Reason
message: Connectivity to Client Lost.
May 28 00:06:40 19259291 05/27/2010 17:06:39.990 SEV=5 IKE/25 RPT=68826
XXX.XXX.XXX.XXX Group [XXXXXXXXXX] User [XXXXXXXXXX] Received remote Proxy Host data in ID Payload: Address XXX.XXX.XXX.XXX, Protocol 0, Port 0
06-02-2010 04:20 AM
That is actually the sequence number on VPN3030 for logging messages, not the hostname field.
06-02-2010 09:21 AM
Ah, ok. Thanks for clearing that up. How would one go about removing the sequence number and replacing it with a hostname or IP? It seems all of our other devices use that field for device identification.
06-03-2010 03:50 AM
Unfortunately you can't remove the sequence number and change it to the hostname/ip address.
There are 2 syslog formats for VPN Concentrator:
1) Original
2) Cisco IOS Compatible
However, unfortunately neither includes the hostname/IP address.
1) Original sample syslog:
3 11/04/2004 14:37:06.680 SEV=4 HTTP/47 RPT=17 10.10.1.35 New administrator login: admin.
2) Cisco IOS Compatible sample syslog:
3 2004 Nov 04 14:37:06.680 EDT -4:00 %HTTP-5-47:RPT=17 10.10.1.35: New administrator login: admin.
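Since neither format carries a device identifier, a collector has to attach one itself. The following is an added example, not part of the original thread or any Cisco tooling: it parses both formats shown above and tags each record with the packet source address the collector saw. The `sender_ip` parameter, the function names and the address 192.0.2.10 are assumptions; the sample messages are taken from the thread, with the first two shortened.

```python
import re

# Optional "May 28 00:06:13 " prefix written by the receiving syslog server.
RELAY = r"(?:(?P<relay_ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) )?"
TAIL = r"RPT=(?P<rpt>\d+)\s+(?P<msg>.*)"
FORMATS = {
    "original": re.compile(
        RELAY + r"(?P<seq>\d+) (?P<ts>\d\d/\d\d/\d{4} [\d:.]+) "
        r"SEV=(?P<sev>\d) (?P<cls>\w+)/(?P<event>\d+) " + TAIL, re.S),
    "ios": re.compile(
        RELAY + r"(?P<seq>\d+) (?P<ts>\d{4} [A-Z][a-z]{2} \d\d [\d:.]+) "
        r"(?P<tz>\S+ \S+) %(?P<cls>\w+)-(?P<sev>\d)-(?P<event>\d+):\s*" + TAIL, re.S),
}

def parse(message, sender_ip):
    """Parse one message. sender_ip is the packet source address recorded by
    the collector; it stands in for the hostname the format does not carry."""
    for name, rx in FORMATS.items():
        m = rx.match(message.strip())
        if m:
            rec = m.groupdict()
            for key in ("seq", "sev", "event", "rpt"):
                rec[key] = int(rec[key])
            rec.update(format=name, device=sender_ip)
            return rec
    return None

def missing_seq(records):
    """Sequence numbers not seen between consecutive records of one device
    (messages the collector never received, for whatever reason)."""
    seqs = sorted(r["seq"] for r in records)
    return [n for a, b in zip(seqs, seqs[1:]) for n in range(a + 1, b)]

# Samples from the thread (first two shortened); 192.0.2.10 is a constructed sender.
SAMPLES = [
    "May 28 00:06:13 19259262 05/27/2010 17:06:12.300 SEV=4 IKE/123 RPT=11788\n"
    "XXX.XXX.XXX.XXX Group [XXXXXXXXXX] User [XXXXXXXXXX] IKE lost contact",
    "May 28 00:06:13 19259264 05/27/2010 17:06:12.300 SEV=5 IKE/194 RPT=43154\n"
    "XXX.XXX.XXX.XXX Group [XXXXXXXXXX] User [XXXXXXXXXX] Sending IKE Delete",
    "3 2004 Nov 04 14:37:06.680 EDT -4:00 %HTTP-5-47:RPT=17 10.10.1.35: "
    "New administrator login: admin.",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse(s, "192.0.2.10"))
```

The sequence number is kept in each record, so `missing_seq` can report numbers the collector never saw for a given device.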