mGuard #2435
Comments
Send me the pcap file by email: ikheifets@splunk.com
@mccain007 without a pcap file (with the log messages that your device produces) we can't implement a parser for you.
Understood. I was trying to get the pcap from the admin for mGuard but he hasn't replied.
Here is what the customer sent me:
Here we go
***@***.***:~$ sudo tcpdump host XX.XX.XX.229
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), snapshot length 262144 bytes
11:21:58.536095 ARP, Request who-has grp01.XXX.gov tell hqw-ntx-esx01.XXX.gov, length 46
11:22:33.125109 IP mdm.XXX.gov.46215 > grp01.XXX.gov.syslog: SYSLOG user.notice, length: 85
11:22:38.350866 ARP, Request who-has XXXgrp01.XXX.gov tell mdm.XXX.gov, length 28
11:22:38.351017 ARP, Reply XXXgrp01.XXX.gov is-at XXX:30:e7 (oui Unknown), length 46
11:22:55.612299 IP mdm.XXX.gov.46215 > XXXgrp01.XXX.gov.syslog: SYSLOG user.notice, length: 72
11:23:18.767188 IP mdm.XXX.gov.46215 > XXXgrp01.XXX.gov.syslog: SYSLOG user.notice, length: 63
11:23:23.918855 ARP, Request who-has XXXgrp01.XXX.gov tell mdm.XXX.gov, length 28
11:23:23.919074 ARP, Reply XXXgrp01.XXX.gov is-at XXX:30:e7 (oui Unknown), length 46
^C
8 packets captured
8 packets received by filter
0 packets dropped by kernel
Do you want me to send you what's being captured by SC4S? I can't connect to his server to do a pcap from the SC4S end.
Hello, @mccain007! I need the raw logs that your device produces; please send me a pcap file and I will open your pcap in Wireshark. The problem with your tcpdump output is that we can't see the raw log content here. Please use the official guide.
@mccain007 I am closing this issue, because you haven't provided me a pcap file, and I have been waiting for it for a month.
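As an added illustration (not code from this issue or from SC4S) of why the maintainer asks for a pcap rather than the tcpdump summary above: a pcap keeps the full UDP payload, whereas a summary line such as `SYSLOG user.notice, length: 85` reduces the message to its facility and severity. The Python below builds a constructed pcap containing one syslog datagram and then extracts the raw message and decoded PRI from it; the sample log line, IPs and MAC addresses are invented placeholders.

```python
import struct

# Constructed sample payload (not from the issue). PRI 13 = facility user (1) * 8 + severity notice (5).
SAMPLE_SYSLOG = b"<13>May  9 11:22:33 mguard-fw mguard: constructed sample event"

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def build_udp_syslog_pcap(payload, src_ip="10.0.0.1", dst_ip="10.0.0.2", sport=46215, dport=514):
    """Wrap a syslog payload in Ethernet/IPv4/UDP inside a classic pcap (libpcap 2.4, linktype 1)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload   # checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split(".")))) + udp
    frame = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip  # placeholder MACs
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    rec_hdr = struct.pack("<IIII", 1715253753, 125109, len(frame), len(frame))  # constructed timestamp
    return global_hdr + rec_hdr + frame


def extract_syslog(pcap_bytes):
    """Walk a pcap and return raw text plus decoded PRI for every UDP datagram sent to port 514."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    end = "<" if magic == 0xA1B2C3D4 else ">"
    off, out = 24, []                                      # skip the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack(end + "IIII", pcap_bytes[off:off + 16])
        pkt = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":     # need Ethernet + IPv4
            continue
        ihl = (pkt[14] & 0x0F) * 4
        if pkt[23] != 17:                                  # IP protocol byte: 17 = UDP
            continue
        udp = pkt[14 + ihl:]
        sport, dport, ulen = struct.unpack("!HHH", udp[:6])
        if dport != 514:
            continue
        raw = udp[8:ulen]                                  # this is what the summary line hides
        pri = int(raw[1:raw.index(b">")]) if raw.startswith(b"<") and b">" in raw else None
        out.append({"pri": pri,
                    "facility": FACILITIES[pri // 8] if pri is not None and pri < 192 else None,
                    "severity": SEVERITIES[pri % 8] if pri is not None else None,
                    "message": raw.decode("utf-8", "replace")})
    return out
```

Running `extract_syslog` over a real capture taken with `tcpdump -w` gives the parser developer the exact message text that the `SYSLOG user.notice, length: 85` summary omits.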
What is the sc4s version ?
sc4s version=3.22.5
Is there a pcap available?
no
What is the vendor name?
Phoenix Contact
What's the product name?
mGuard
**Feature Request description:**
new filter
**Should it support TCP or UDP?**
both
**Do you want to have it for local usage or prepare a GitHub PR?**
local