syslog is overflowing
syslog keeps going on and on like this. It winds up being hundreds of megs long and never stops until my var partition is full, when my file server (the PC syslog is on) then locks up. I don't know how to stop it or if I'm being h4xxored or what? I just want it to stop because it's annoying to have to manually delete it every time it locks up my computer. I suppose I could write a small cron job script but I'm wondering if it's a sign of something more serious?
Mar 17 17:08:52 server kernel: fp=INPUT:99 a=DROP IN=eth0 OUT= MAC=<mymac>:00:1f:ca:20:52:05:08:00 SRC=220.127.116.11 DST=<myip> LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=29212 DF PROTO=TCP SPT=26650 DPT=6882 WINDOW=8192 RES=0x00
Mar 17 17:08:52 server kernel: fp=INPUT:99 a=DROP IN=eth0 OUT= MAC=<mymac>:00:1f:ca:20:52:05:08:00 SRC=18.104.22.168 DST=<myip> LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=30513 DF PROTO=TCP SPT=51300 DPT=6882 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 17 17:08:52 server kernel: fp=INPUT:99 a=DROP IN=eth0 OUT= MAC=<mymac>:00:1f:ca:20:52:05:08:00 SRC=22.214.171.124 DST=<myip> LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=32871 PROTO=TCP SPT=1765 DPT=6882 WINDOW=65535 RES=0x00 SY
I should mention that I'm pretty sure it has something to do with an iptables script I downloaded off the internet. It's below in the link.
Easy Firewall Generator for iptables
If I'm reading the script correctly it's flushed and rewritten your IP tables as well as loaded a couple of modules for you. It's also from 2005 and probably not compliant with the new "iptables" spec.
What kernel are you running? What edition of Slackware?
IPTables is *logging* to syslog. Since you have hundreds/thousands of IP packets hitting your machine and they are all being logged, it is making syslog grow quickly.
If you don't want/aren't equipped to manage this level of logging, disable it.
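Added example, not part of the thread or of the firewall script: before switching logging off, the drop lines can be grouped by destination port and counted, which shows whether the flood is one noisy port or something broader. The sample lines are constructed in the same format as the log quoted above (documentation-range addresses, some fields omitted), and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the thread's log format; addresses are documentation ranges.
P = "Mar 17 17:08:52 server kernel: fp=INPUT:99 a=DROP IN=eth0 OUT= MAC=00:00:5e:00:53:01 "
SAMPLE = "\n".join([
    P + "SRC=203.0.113.10 DST=192.0.2.1 LEN=52 TTL=106 DF PROTO=TCP SPT=26650 DPT=6882 SYN URGP=0",
    P + "SRC=198.51.100.7 DST=192.0.2.1 LEN=48 TTL=112 DF PROTO=TCP SPT=51300 DPT=6882 SYN URGP=0",
    P + "SRC=203.0.113.10 DST=192.0.2.1 LEN=52 TTL=106 DF PROTO=TCP SPT=26651 DPT=6882 SYN URGP=0",
    P + "SRC=198.51.100.99 DST=192.0.2.1 LEN=52 TTL=111 PROTO=TCP SPT=1765 DPT=6882 SY",  # truncated
    P + "SRC=192.0.2.50 DST=192.0.2.255 LEN=78 TTL=64 PROTO=UDP SPT=137 DPT=137",
    "Mar 17 17:08:53 server kernel: eth0: link up",            # kernel line, not a firewall hit
    "Mar 17 17:08:54 server sshd[412]: Server listening on 0.0.0.0 port 22.",
])

KV = re.compile(r"(\w+)=(\S*)")  # values may be empty, as in "OUT= "


def parse_line(line):
    """Return the key=value fields of one firewall log line, or None for other lines."""
    _, found, body = line.partition("kernel:")
    if not found:
        return None
    fields = dict(KV.findall(body))
    if "SRC" not in fields or "DST" not in fields:
        return None
    return fields


def summarize(text):
    """Return [((action, proto, dport), packets, distinct_sources), ...], busiest first."""
    hits = Counter()
    sources = defaultdict(set)
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        # ICMP and similar lines carry no DPT, so fall back to "-".
        key = (f.get("a", "?"), f.get("PROTO", "?"), f.get("DPT", "-"))
        hits[key] += 1
        sources[key].add(f["SRC"])
    return [(key, n, len(sources[key])) for key, n in hits.most_common()]


if __name__ == "__main__":
    for (action, proto, dport), packets, srcs in summarize(SAMPLE):
        print(f"{action} {proto}/{dport}: {packets} packets from {srcs} sources")
```

To run it against a real log, pass the file's contents to `summarize()` in place of `SAMPLE`.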
Thanks, I'll dig through and turn off logging.
Originally Posted by HROAdmin26