evgvain

syslog tcpdump

Oct 4th, 2015
From tcpdump:

Good events:

05:29:41.343955 IP (tos 0x0, ttl 63, id 48267, offset 0, flags [none], proto UDP (17), length 124)
10.20.4.209.514 > 10.20.5.102.514: [udp sum ok] SYSLOG, length: 96
Facility local1 (17), Severity notice (5)
Msg: Oct 4 05:29:41 10.20.4.209 CMD_ACCT:su@10.20.5.157: sec-name "v2_read"
0x0000: 3c31 3431 3e4f 6374 2034 2030 353a 3239
0x0010: 3a34 3120 3130 2e32 302e 342e 3230 3920
0x0020: 434d 445f 4143 4354 3a73 7540 3130 2e32
0x0030: 302e 352e 3135 373a 2020 2020 2020 2020
0x0040: 2020 2020 2020 2020 2020 2020 2073 6563
0x0050: 2d6e 616d 6520 2276 325f 7265 6164 2220
05:29:41.379495 IP (tos 0x0, ttl 63, id 48268, offset 0, flags [none], proto UDP (17), length 117)
10.20.4.209.514 > 10.20.5.102.514: [udp sum ok] SYSLOG, length: 89
Facility local1 (17), Severity notice (5)
Msg: Oct 4 05:29:41 10.20.4.209 CMD_ACCT:su@10.20.5.157: no shutdown
0x0000: 3c31 3431 3e4f 6374 2034 2030 353a 3239
0x0010: 3a34 3120 3130 2e32 302e 342e 3230 3920
0x0020: 434d 445f 4143 4354 3a73 7540 3130 2e32
0x0030: 302e 352e 3135 373a 2020 2020 2020 2020
0x0040: 2020 2020 2020 2020 2020 2020 206e 6f20
0x0050: 7368 7574 646f 776e 20

"Bad" events:

05:43:42.606012 IP (tos 0x0, ttl 254, id 19481, offset 0, flags [none], proto UDP (17), length 116)
10.20.4.213.5825 > 10.20.5.102.514: [udp sum ok] SYSLOG, length: 88
Facility local4 (20), Severity notice (5)
Msg: Oct 4 05:44:06 2015 HP %%10SHELL/5/SHELL_LOGIN: admin logged in from 10.20.5.157.\0x00
0x0000: 3c31 3635 3e4f 6374 2020 3420 3035 3a34
0x0010: 343a 3036 2032 3031 3520 4850 2025 2531
0x0020: 3053 4845 4c4c 2f35 2f53 4845 4c4c 5f4c
0x0030: 4f47 494e 3a20 6164 6d69 6e20 6c6f 6767
0x0040: 6564 2069 6e20 6672 6f6d 2031 302e 3230
0x0050: 2e35 2e31 3537 2e00
05:43:42.606040 IP (tos 0x0, ttl 254, id 19482, offset 0, flags [none], proto UDP (17), length 259)
10.20.4.213.5825 > 10.20.5.102.514: [udp sum ok] SYSLOG, length: 231
Facility local4 (20), Severity info (6)
Msg: Oct 4 05:44:06 2015 HP %%10SNMP/6/SNMP_NOTIFY: Notification hh3cLogIn(1.3.6.1.4.1.25506.2.2.1.1.3.0.1) with hh3cTerminalUserName(1.3.6.1.4.1.25506.2.2.1.1.2.1.0)=admin;hh3cTerminalSource(1.3.6.1.4.1.25506.2.2.1.1.2.2.0)=VTY.\0x00
0x0000: 3c31 3636 3e4f 6374 2020 3420 3035 3a34
0x0010: 343a 3036 2032 3031 3520 4850 2025 2531
0x0020: 3053 4e4d 502f 362f 534e 4d50 5f4e 4f54
0x0030: 4946 593a 204e 6f74 6966 6963 6174 696f
0x0040: 6e20 6868 3363 4c6f 6749 6e28 312e 332e
0x0050: 362e 312e 342e 312e 3235 3530 362e 322e
0x0060: 322e 312e 312e 332e 302e 3129 2077 6974
0x0070: 6820 6868 3363 5465 726d 696e 616c 5573
0x0080: 6572 4e61 6d65 2831 2e33 2e36 2e31 2e34
0x0090: 2e31 2e32 3535 3036 2e32 2e32 2e31 2e31
0x00a0: 2e32 2e31 2e30 293d 6164 6d69 6e3b 6868
0x00b0: 3363 5465 726d 696e 616c 536f 7572 6365
0x00c0: 2831 2e33 2e36 2e31 2e34 2e31 2e32 3535
0x00d0: 3036 2e32 2e32 2e31 2e31 2e32 2e32 2e30
0x00e0: 293d 5654 592e 00