Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
481
Views
0
Helpful
1
Replies

Wrong syslog stats

bluedrake
Level 1
Level 1

‎11-18-2008 11:26 PM

Hi All

Running a ASA 5520 iso 8.0.2

This morning our syslog stats say a user downloaded 1.4GB in 30mins. However on our mrtg there are no masive spikes, also the user only has a 384Kbps line at home so the download time is impossible. The other thing is the users ISP said he hardly used 100MB at home. I have also noticed this on a few other occasions.

Here are the logs, any help would be great. thanks

Nov 12 06:50:43 cptinf Nov 12 2008 06:50:43 internal : %ASA-6-302015: Built inbound UDP connection 18311763 for outside:x.x.x.x/50068 (x.x.x.x/50068) to cptint:y.y.y.y/1194 (y.y.y.y/1194)

Nov 12 07:22:03 cptinf Nov 12 2008 07:22:03 internal : %ASA-6-302016: Teardown UDP connection 18311763 for outside:x.x.x.x/50068 to cptint:y.y.y.y/1194 duration 0:31:19 bytes 1469109264

Thanks for all the help in advance

Labels:
0 Helpful
1 Reply 1

drolemc
Level 6
Level 6

‎11-26-2008 02:44 PM

%PIX|ASA-6-302015: Built {inbound|outbound} UDP connection number for interface_name:real_address/real_port (mapped_address/mapped_port) to interface_name:real_address/real_port (mapped_address/mapped_port) [(user)]

A UDP connection slot between two hosts is created. The following list describes the message values: connection number . A unique identifier.interface, real_address, real_port . The actual sockets. mapped_address and mapped_port . The mapped sockets. user . The AAA name of the user. If inbound is specified, then the original control connection is initiated from the outside. For example, for UDP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, then the original control connection is initiated from the inside.

%PIX|ASA-6-302016: Teardown UDP connection number for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss bytes bytes [(user)]

A UDP connection slot between two hosts was deleted. The following list describes the message values: connection number is an unique identifier. interface, real_address, real_port are the actual sockets. time is the lifetime of the connection. bytes is the data transfer of the connection. connection id is an unique identifier. interface, real-address, real-port are the actual sockets. duration is the lifetime of the connection. bytes is the data transfer of the connection. user is the AAA name of the user.

0 Helpful
Customers Also Viewed These Support Documents