Ostatnio w syslogu (ASA5510) zaczęło mi się pojawiać bardzo dożo wpisów typu:
Kod: Zaznacz cały
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305012: Teardown dynamic TCP translation from Inside:10.10.10.125/52984 to Outside:x.x.x.x/52984 duration 0:01:00
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305012: Teardown dynamic TCP translation from Inside:10.10.10.125/55809 to Outside:x.x.x.x/55809 duration 0:00:30
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305011: Built dynamic TCP translation from Inside:10.10.10.125/58773 to Outside:x.x.x.x/58773
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305011: Built dynamic TCP translation from Inside:10.10.10.125/58776 to Outside:x.x.x.x/58776
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305012: Teardown dynamic TCP translation from Inside:10.10.10.125/55879 to Outside:x.x.x.x/55879 duration 0:00:30
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305011: Built dynamic TCP translation from Inside:10.10.10.125/58781 to Outside:x.x.x.x/58781
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305012: Teardown dynamic TCP translation from Inside:10.10.10.125/52995 to Outside:x.x.x.x/52995 duration 0:01:00
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305011: Built dynamic TCP translation from Inside:10.10.10.125/58788 to Outside:x.x.x.x/58788
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305012: Teardown dynamic TCP translation from Inside:10.10.10.125/53016 to Outside:x.x.x.x/53016 duration 0:01:00
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305011: Built dynamic TCP translation from Inside:10.10.10.125/58797 to Outside:x.x.x.x/58797
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305012: Teardown dynamic TCP translation from Inside:10.10.10.125/55003 to Outside:x.x.x.x/55003 duration 0:00:39
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305011: Built dynamic TCP translation from Inside:10.10.10.125/58811 to Outside:x.x.x.x/58811
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305011: Built dynamic TCP translation from Inside:10.10.10.125/58823 to Outside:x.x.x.x/58823
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305011: Built dynamic TCP translation from Inside:10.10.10.125/58839 to Outside:x.x.x.x/58839
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305011: Built dynamic TCP translation from Inside:10.10.10.125/58840 to Outside:x.x.x.x/58840
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305012: Teardown dynamic TCP translation from Inside:10.10.10.125/52985 to Outside:x.x.x.x/52985 duration 0:01:00
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305012: Teardown dynamic TCP translation from Inside:10.10.10.125/53042 to Outside:x.x.x.x/53042 duration 0:01:00
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305011: Built dynamic TCP translation from Inside:10.10.10.125/58849 to Outside:x.x.x.x/58849
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305011: Built dynamic TCP translation from Inside:10.10.10.125/58853 to Outside:x.x.x.x/58853
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305011: Built dynamic TCP translation from Inside:10.10.10.125/58857 to Outside:x.x.x.x/58857
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:00: %ASA-6-305012: Teardown dynamic TCP translation from Inside:10.10.10.125/53053 to Outside:x.x.x.x/53053 duration 0:01:00
2017-08-05 00:00:00 Local4.Info 192.168.1.1 Aug 05 2017 00:00:01: %ASA-6-305012: Teardown dynamic TCP translation from Inside:10.10.10.125/53072 to Outside:x.x.x.x/53072 duration 0:01:00
W syslogu brak innych informacji na temat do jakiego adresu/strony są te połączenia.
Jak można sprawdzić gdzie faktycznie się dobija host 10.10.10.125 ?