Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Syslog message error with 6 octets IP address

Hi all,

Getting syslog message with six octets ip address instead of four. The first four octets are the correct IP address, not sure where the last two came from.

Wondering if anyone has seen this type before. Cisco ISR 3825 with Version 12.4(9)T4 Router and Version 12.2(25) switch module

Initially, I thought that IPv6 was enabled.

Aug 9 14:18:52 [10.5.1.9.22.20] 199: *Aug 9 14:20:24.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down

Aug 9 14:19:13 [10.5.1.9.22.20] 203: *Aug 9 14:20:44.439: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up

3 REPLIES
Cisco Employee

Re: Syslog message error with 6 octets IP address

Ah, yes, the famous six octets. This comes up every so often. The last two octets are actually the encoded source UDP port the device used to send the message. Since a port is a 16-bit short, it cannot live in a single 8-bit octet. So, the sixth octet is the low-order bits in the 16-bit value (20 in this case). The fifth octet represents the high-order bits (22 in this case):

22 << 8 + 20 = 5652

Said another way:

(22 * 256) + 20 = 5652

Therefore, the device used the source UDP port 5652 when sending this message.

New Member

Re: Syslog message error with 6 octets IP address

Thanks for your prompt response.

Is there away to disable or configure this so that normal 4 octet can be send to NMS server?

Actually, the last two octet is 224.204.

Which would be 10.5.1.9.224.204. Based on your calculation, this would change.

Cisco Employee

Re: Syslog message error with 6 octets IP address

No, this is a fact of Solaris syslog. The devices have nothing to do with this format.

930
Views
0
Helpful
3
Replies