  1. #1
    Just Joined!
    Join Date
    Oct 2005
    Posts
    20

    syslog is overflowing


    Code:
    Mar 17 17:08:52 server kernel: fp=INPUT:99 a=DROP IN=eth0 OUT= MAC=<mymac>:00:1f:ca:20:52:05:08:00 SRC=83.109.117.8 DST=<myip> LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=29212 DF PROTO=TCP SPT=26650 DPT=6882 WINDOW=8192 RES=0x00 SYN URGP=0
    Mar 17 17:08:52 server kernel: fp=INPUT:99 a=DROP IN=eth0 OUT= MAC=<mymac>:00:1f:ca:20:52:05:08:00 SRC=190.16.212.177 DST=<myip> LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=30513 DF PROTO=TCP SPT=51300 DPT=6882 WINDOW=8192 RES=0x00 SYN URGP=0
    Mar 17 17:08:52 server kernel: fp=INPUT:99 a=DROP IN=eth0 OUT= MAC=<mymac>:00:1f:ca:20:52:05:08:00 SRC=67.61.204.219 DST=<myip> LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=32871 PROTO=TCP SPT=1765 DPT=6882 WINDOW=65535 RES=0x00 SYN URGP=0

    syslog keeps going on and on like this. It winds up being hundreds of megs long and never stops until my var partition is full, when my file server (the PC syslog is on) then locks up. I don't know how to stop it or if I'm being h4xxored or what. I just want it to stop because it's annoying to have to manually delete it every time it locks up my computer. I suppose I could write a small cron job script, but I'm wondering if it's a sign of something more serious?

    I should mention that I'm pretty sure it has something to do with an iptables script I downloaded off the internet. It's below in the link.

    Easy Firewall Generator for iptables

  2. #2
    Linux Newbie
    Join Date
    Feb 2009
    Location
    Third ring of Pergatory
    Posts
    199
    If I'm reading the script correctly, it's flushed and rewritten your IP tables as well as loaded a couple of modules for you. It's also from 2005 and probably not compliant with the new "iptables" spec.
    What kernel are you running? What edition of Slackware?

  3. #3
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,754
    IPTables is *logging* to syslog. Since you have hundreds/thousands of IP packets hitting your machine and they are all being logged, it is making syslog grow quickly.

    If you don't want/aren't equipped to manage this level of logging, disable it.

  4. #4
    Just Joined!
    Join Date
    Oct 2005
    Posts
    20
    Quote Originally Posted by HROAdmin26
    IPTables is *logging* to syslog. Since you have hundreds/thousands of IP packets hitting your machine and they are all being logged, it is making syslog grow quickly.

    If you don't want/aren't equipped to manage this level of logging, disable it.
    Thanks, I'll dig through and turn off logging.
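
To judge whether entries like the ones in the first post deserve attention before logging is turned off, they can be summarized by destination port and source. The script below is an added example, not part of the thread; the sample lines are constructed in the same format, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the thread's log format; source addresses are from
# documentation ranges, and <mymac>/<myip> are placeholders as in the post.
SAMPLE = """\
Mar 17 17:08:52 server kernel: fp=INPUT:99 a=DROP IN=eth0 OUT= MAC=<mymac> SRC=198.51.100.8 DST=<myip> LEN=52 TTL=106 ID=29212 DF PROTO=TCP SPT=26650 DPT=6882 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 17 17:08:52 server kernel: fp=INPUT:99 a=DROP IN=eth0 OUT= MAC=<mymac> SRC=203.0.113.177 DST=<myip> LEN=48 TTL=112 ID=30513 DF PROTO=TCP SPT=51300 DPT=6882 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 17 17:08:52 server kernel: fp=INPUT:99 a=DROP IN=eth0 OUT= MAC=<mymac> SRC=192.0.2.219 DST=<myip> LEN=52 TTL=111 ID=32871 PROTO=TCP SPT=1765 DPT=6882 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 17 17:08:53 server kernel: fp=INPUT:99 a=DROP IN=eth0 OUT= MAC=<mymac> SRC=198.51.100.8 DST=<myip> LEN=52 TTL=106 ID=29213 DF PROTO=TCP SPT=26651 DPT=23 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 17 17:08:53 server kernel: eth0: link up
"""

FIELD = re.compile(r"\b([A-Za-z]+)=(\S*)")  # KEY=value; value may be empty (OUT=)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line):
    """Parse one netfilter LOG line into a dict; None for unrelated lines."""
    _, sep, body = line.partition("kernel: ")
    if not sep or "IN=" not in body:
        return None
    rec = dict(FIELD.findall(body))
    # TCP flags are logged as bare words, not KEY=value pairs.
    rec["flags"] = {tok for tok in body.split() if tok in TCP_FLAGS}
    return rec


def summarize(text, top=3):
    """Count logged packets per (action, protocol, destination port)."""
    by_port, sources, syn_only = Counter(), set(), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec.get("a", "?"), rec.get("PROTO", "?"), rec.get("DPT", "-"))
        by_port[key] += 1
        sources.add(rec.get("SRC", "?"))
        # A bare SYN is a new inbound connection attempt.
        if rec["flags"] == {"SYN"}:
            syn_only += 1
    return {"total": sum(by_port.values()), "ports": by_port.most_common(top),
            "distinct_sources": len(sources), "syn_only": syn_only}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To run it on real data, pass the contents of the system log to `summarize()`; the log file's location depends on the syslog configuration.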
