Privacy Policy

Guest
  • Guest
  • Guest Topic Starter
2000-05-17T20:36:46Z
Date parsed: 5/17/2000 8:36:46 PM

Date: Wed, 17 May 2000 19:36:46 +0200

Hi Paul!

This double logging may be either caused by having defined two rules =

which

log to the same log file (but you said that you have defined only one =

rule,

right?) or the syslog sender is sending every message twice. If =

possible,

use a sniffer (like MS Network Monitor) to capture the syslog traffic

(destination port: UDP/514) and analyze it.

Franz

"Paul Trivino" <ptrivino@alarismed.com> wrote in message

news:3A25DBCDF73F2245957BD0B041BEDAF001229D@is1.netal.com...

>

> Hi! We're trying to evaluate SL4NT V2.0. All I've done so far is

start

> logging to my SL4NT system, with a basic Action of "Log to File" =

invoked

by

> a Rule that says Src Addr of 10.9.1.1, any level, do above Rule. Just =

a

> basic capture to see how this works. However, when I create a log =

message

I

> get 2 copies of the message in the log file!!

>

> This certainly might be a device-specific thing - I'm trying to do

> syslog on a Nortel Accelar 1100 switch. I'll try another device as =

well,

> but have you seen this behavior before?

>

> TIA!!

>

> Paul Trivino

> Alaris Medical Systems, Inc.

> ptrivino@alarismed.com

>