Request enhancement for Syslog daemon connector's function for network packet fragmentation

Idea ID 2802086


0 Votes

Dear technical support and partner

This is Jason.

One of our customers experienced some abnormal events shown in the ArcSight console, which were processed by the syslog daemon connector that the WAF device events are connected to.

They found that the abnormal events happen when fragmented IP packets are processed by the connector.

If fragmented packets are sent to the syslog daemon from the WAF device, the connector tries to parse all the fragmented packets that come to the connector server via UDP.

I opened case SD02678593, and the answer was that the WAF device settings have to be reviewed.

I think the WAF device sends syslog messages that are too long, more than 4,000 bytes, and the network device divides the packets into smaller fragments.

But on the connector side, the fragmented packet is just a target for parsing, because a syslog header exists in the fragmented packet too.

So, how about this: if fragmented packets come to the connector server, the smart connector ignores them for better event parsing.

 

Thank you in advance.

Best regards

 
