[sysmon-help] Weird udp issues
Bryan C. Geraghty
bgeraghty at pamlab.com
Tue Apr 13 17:13:30 EDT 2004
I seem to be having a weird problem with UDP port monitoring. Sysmon
works great for everything else. I am running sysmon 3.50 on redhat 9.
The servers I am monitoring are windows 2000 in an active directory
environment. I have the following three objects set up within my config
file:
object pamlab2k-01_dns-port {
ip "pamlab2k-01";
type udp;
port 53;
desc "Pamlab2k-01 :: DNS Port";
dep "pamlab2k-01";
contact "tech.support at pamlab.com";
};
object pamlab2k-01_dns-query {
ip "pamlab2k-01";
type dns;
dns-query "pamlab.com";
desc "Pamlab2k-01 :: DNS Query";
dep "firewall";
contact "tech.support at pamlab.com";
};
object pamlab2k-01_dhcp-port {
ip "pamlab2k-01";
type udp;
port 67;
desc "Pamlab2k-01 :: DHCP Port";
dep "pamlab2k-01";
contact "tech.support at pamlab.com";
};
The DNS port gets an "up" about every other heartbeat but the dns query
shows 100% uptime. The dhcp port has 0% uptime; yet, my dhcp server is
up and running and my clients can get ip addresses. I checked my
firewall and everything seems to be passing through fine. I ran nmap -sU
pamlab2k-01 from the linux server and it shows the ports open. Anyone
have any ideas?
// End of message //
Bryan Geraghty
Database administrator
Pamlab, LLC
4099 HWY 190
Covington, LA 70433
(985) 893-4097 x5865
bgeraghty at pamlab.com
More information about the Sysmon-help
mailing list