I have a uDSM as a log source and the format for one of the entries looks like this:
src = XXX.XXX.XXX.XXX dst = XXX.XXX.XXX.XXX
Sometimes the Source IP is short.
The format is always the same.
Is there something that is considered to be the cause of that?
src = XXX.XXX.XXX.XXX dst = XXX.XXX.XXX.XXX
Sometimes the Source IP is short.
The format is always the same.
Is there something that is considered to be the cause of that?
ex)
payload
…..src = 192.168.111.222 dst = 11.22.33.44 ……….
LSX
srcs=s(¥d{1,3}¥.¥d{1,3}¥.¥d{1,3}¥.¥d{1,3})¥sdst
Source IP Pattern1(No problem)
192.168.111.222
Source IP Pattern2(Problem)
2.168.111.222
Source IP Pattern3(Problem)
192.168.111.2