  1. #1
    Linux Newbie humbletech99's Avatar
    Join Date
    Nov 2005
    Posts
    225

    Strange kernel warnings IN=eth1 OUT= MAC=00:80:c8:4c:0e:.....


    I've got these strange warnings in my firewall logs. They are logged with a priority of warning and a facility of kernel; I just don't know why or what they are, and why am I getting a warning? They look just like packet traffic...
    Code:
    kernel: IN=eth1 OUT= MAC=00:00:c8:4c:00:d1:00:10:7b:c1:c7:a1:08:00 SRC=195.128.48.63 DST=82.154.253.87 LEN=51 TOS=0x00 PREC=0x00 TTL=111 ID=63193 PROTO=UDP SPT=4067 DPT=6346 LEN=31

  2. #2
    Just Joined! Sykotik's Avatar
    Join Date
    Mar 2002
    Location
    Cape Town, South Africa
    Posts
    54
    That's output from iptables' LOG target, so I'd say that your firewall setup is simply logging packets that it drops to the kernel log.

  3. #3
    Linux Newbie humbletech99's Avatar
    Join Date
    Nov 2005
    Posts
    225
    How do I stop this extraneous logging? It's polluting the logs and distracting from more important logs like failed password attempts. I've set the syslog to not report anything below error level so I don't get these, but it feels like covering up the symptom rather than finding and fixing the cause.

  4. #4
    Just Joined! Sykotik's Avatar
    Join Date
    Mar 2002
    Location
    Cape Town, South Africa
    Posts
    54
    Well, I don't know which distro/firewall tool you're using, so I'm not sure how you'd go about this. Assuming you have some script that sets up your firewall for you, you'd be looking for something like:

    Code:
    iptables -A INPUT -i eth0 -j LOG
    The "-j LOG" is the part that specifies that packets matching the rule should go to syslog. You'll want to remove (or comment) that line.

    If you're using a wrapper tool to manage your firewall (such as Shorewall and co.), I'm not sure how you'd go about it.

  5. #5
    Linux Newbie humbletech99's Avatar
    Join Date
    Nov 2005
    Posts
    225
    Thanks for that, I'll have a look...

  6. #6
    Just Joined!
    Join Date
    May 2006
    Posts
    2

    Question

    Is there any option to convert that DST IP address into its FQDN, in other words display the actual FQDN rather than the IP address?

  7. #7
    Just Joined! Sykotik's Avatar
    Join Date
    Mar 2002
    Location
    Cape Town, South Africa
    Posts
    54
    Quote Originally Posted by root_slack
    Is there any option to convert that DST IP address into its FQDN, in other words display the actual FQDN rather than the IP address?
    Not as far as I know. I wouldn't think so, since that would mean a reverse lookup for every packet logged from a different IP; not really something you want to have your syslogger held up by for every unique destination IP.

    On another note, just a friendly warning that what you've just done (asking a different, unrelated question on someone else's thread) may be considered thread hijacking, which is against the forum rules.
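
Added example, not written by any poster in this thread: a Python post-processor for the LOG line from post #1 that splits out its fields and resolves DST once per unique address, outside the syslog path, so the per-packet lookup cost raised in post #7 does not apply. The function names and the `.invalid` hostname are constructed for illustration.

```python
import socket

# Log line from post #1, used as sample input.
SAMPLE = ("kernel: IN=eth1 OUT= MAC=00:00:c8:4c:00:d1:00:10:7b:c1:c7:a1:08:00 "
          "SRC=195.128.48.63 DST=82.154.253.87 LEN=51 TOS=0x00 PREC=0x00 TTL=111 "
          "ID=63193 PROTO=UDP SPT=4067 DPT=6346 LEN=31")

def parse_log_line(line):
    """Return a dict of fields for an iptables LOG line, or None for other lines."""
    start = line.find("IN=")
    if start < 0:
        return None
    rec, flags = {}, []
    for tok in line[start:].split():
        key, sep, val = tok.partition("=")
        if not sep:
            flags.append(key)        # bare flags such as DF, SYN, ACK
        elif key == "LEN" and "LEN" in rec:
            rec["L4_LEN"] = val      # second LEN= is the UDP length, first is the IP length
        else:
            rec[key] = val           # OUT= stays "" for packets addressed to this host
    rec["FLAGS"] = flags
    mac = rec.get("MAC", "").split(":")
    if len(mac) == 14:               # Ethernet header: dst MAC, src MAC, EtherType
        rec["MAC_DST"] = ":".join(mac[:6])
        rec["MAC_SRC"] = ":".join(mac[6:12])
        rec["ETHERTYPE"] = "".join(mac[12:])
    return rec

def make_resolver(lookup=socket.gethostbyaddr):
    """Reverse-resolve with a cache: one lookup per unique IP, failures fall back to the IP."""
    cache = {}
    def resolve(ip):
        if ip not in cache:
            try:
                cache[ip] = lookup(ip)[0]
            except OSError:          # herror/gaierror: no PTR record or no network
                cache[ip] = ip
        return cache[ip]
    return resolve

def annotate(lines, resolve):
    """Parse LOG lines and add DST_NAME; non-iptables lines are skipped."""
    recs = [r for r in map(parse_log_line, lines) if r and "DST" in r]
    for r in recs:
        r["DST_NAME"] = resolve(r["DST"])
    return recs

if __name__ == "__main__":
    offline = lambda ip: ("peer.example.invalid", [], [ip])  # constructed stub, no DNS traffic
    for r in annotate([SAMPLE], make_resolver(offline)):
        print(r["SRC"], "->", r["DST_NAME"], r["PROTO"], "dpt", r["DPT"])
```

Calling `make_resolver()` with no argument uses the system resolver instead of the stub.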
