- 05-23-2006 #1
Strange kernel warnings IN=eth1 OUT= MAC=00:80:c8:4c:0e:.....
I've got these strange warnings in my firewall logs. They are logged with a priority of warning and a facility of kernel; I just don't know why or what they are and why am I getting a warning, they look just like packet traffic...
kernel: IN=eth1 OUT= MAC=00:00:c8:4c:00:d1:00:10:7b:c1:c7:a1:08:00 SRC=18.104.22.168 DST=22.214.171.124 LEN=51 TOS=0x00 PREC=0x00 TTL=111 ID=63193 PROTO=UDP SPT=4067 DPT=6346 LEN=31
- 05-23-2006 #2
That's output from iptables' LOG target, so I'd say that your firewall setup is simply logging packets that it drops to the kernel log.
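An added example, not part of any post in this thread: a small parser that breaks the LOG line from post #1 into its fields. The function names are hypothetical, and the MAC decoding assumes the packet arrived on an Ethernet interface, where `MAC=` holds the 14-byte frame header.

```python
import re

# Log line from post #1, embedded unchanged as sample input.
SAMPLE = ("kernel: IN=eth1 OUT= MAC=00:00:c8:4c:00:d1:00:10:7b:c1:c7:a1:08:00 "
          "SRC=18.104.22.168 DST=22.214.171.124 LEN=51 TOS=0x00 PREC=0x00 "
          "TTL=111 ID=63193 PROTO=UDP SPT=4067 DPT=6346 LEN=31")

ETHERTYPES = {"0800": "IPv4", "0806": "ARP", "86dd": "IPv6"}

def decode_mac(mac):
    """Split MAC= into destination MAC, source MAC and EtherType (Ethernet only)."""
    octets = mac.lower().split(":")
    if len(octets) != 14:
        return None  # empty (locally generated packet) or not plain Ethernet
    etype = "".join(octets[12:])
    return {"dst_mac": ":".join(octets[:6]),
            "src_mac": ":".join(octets[6:12]),
            "ethertype": ETHERTYPES.get(etype, "0x" + etype)}

def parse_log_line(line):
    """Turn one iptables LOG line into a dict (hypothetical helper)."""
    m = re.search(r"\bIN=", line)
    if m is None:
        raise ValueError("not an iptables LOG line")
    # Text before IN= is the syslog tag plus any --log-prefix string.
    rec = {"prefix": line[:m.start()].strip(), "flags": []}
    for tok in line[m.start():].split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(tok)      # bare tokens such as DF, SYN, ACK
        elif key == "LEN" and "LEN" in rec:
            rec["L4_LEN"] = int(val)      # second LEN= is the UDP length
        else:
            rec[key] = val
    if "LEN" in rec:
        rec["LEN"] = int(rec["LEN"])      # first LEN= is the IP total length
    # IN set and OUT empty: packet addressed to this host (INPUT chain).
    if rec.get("IN") and rec.get("OUT"):
        rec["direction"] = "forwarded"
    elif rec.get("IN"):
        rec["direction"] = "inbound"
    else:
        rec["direction"] = "outbound"
    rec["link"] = decode_mac(rec.get("MAC", ""))
    return rec

if __name__ == "__main__":
    for k, v in parse_log_line(SAMPLE).items():
        print(f"{k:10} {v}")
```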
- 05-23-2006 #3
How do I stop this extraneous logging? It's polluting the logs and distracting from more important logs like failed password attempts. I've set the syslog to not report anything below error level so I don't get these, but it feels like covering up the symptom rather than finding and fixing the cause.
- 05-23-2006 #4
Well, I don't know which distro/firewall tool you're using, so I'm not sure how you'd go about this. Assuming you have some script that sets up your firewall for you, you'd be looking for something like:
iptables -A INPUT -i eth0 -j LOG
If you're using a wrapper tool to manage your firewall (such as Shorewall and co.), I'm not sure how you'd go about it.
- 05-23-2006 #5
- 05-23-2006 #6
Is there any option to convert that DST IP address into its FQDN, in other words display the actual FQDN rather than the IP address?
- 05-23-2006 #7
Originally Posted by root_slack
On another note, just a friendly warning that what you've just done (asking a different, unrelated question on someone else's thread) may be considered thread hijacking, which is against the forum rules.