Koozali.org: home of the SME Server

Help With Reading Log Files

Black

Help With Reading Log Files
« on: April 07, 2005, 01:07:42 AM »
Damn guys, I've been at this for a long time now and I still don't know as much as I should :(  How do I read a log file? How do I know what people are looking for when they can? Example pulled from my logs..


"kernel: denylog:IN=eth1 OUT= MAC=00:20:78:11:92:f9:00:02:3b:02:4b:f5:08:00 SRC=69.34.11.240 DST=69.34.226.132 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=62128 DF PROTO=TCP SPT=1434 DPT=6101 WINDOW=53760 RES=0x00 SYN URGP=0 "

Looks like IP - Source Port is what I should be focusing on? Are these just bots?

"kernel: denylog:IN=eth1 OUT= MAC=00:20:78:11:92:f9:00:02:3b:02:4b:f5:08:00 SRC=83.28.204.108 DST=69.34.226.132 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=5096 DF PROTO=TCP SPT=35185 DPT=2234 WINDOW=16384 RES=0x00 SYN URGP=0"

And how do you delete logs so they don't take up a lot of HDD space?


Thanks!

cc_skavenger

Re: Help With Reading Log Files
« Reply #1 on: April 07, 2005, 01:22:10 AM »
Quote from: "Black"
"kernel: denylog:IN=eth1 OUT= MAC=00:20:78:11:92:f9:00:02:3b:02:4b:f5:08:00 SRC=69.34.11.240 DST=69.34.226.132 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=62128 DF PROTO=TCP SPT=1434 DPT=6101 WINDOW=53760 RES=0x00 SYN URGP=0 "


Kernel letting you know that it blocked a TCP connection from IP 69.34.11.240 port 1434 to IP 69.34.226.132 port 6101.......
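An added example, not from the thread or from SME Server itself, that reads the two denylog lines Black posted field by field: SRC/SPT are the remote host and its port, DST/DPT are your host and the port being probed, IN is the interface the packet arrived on, and a bare SYN means a fresh connection attempt. Counting DPT over many such lines shows which services people are looking for.

```python
import re
from collections import Counter

# The two denylog lines quoted in the thread, with the surrounding quotes stripped.
LOG_LINES = [
    "kernel: denylog:IN=eth1 OUT= MAC=00:20:78:11:92:f9:00:02:3b:02:4b:f5:08:00 "
    "SRC=69.34.11.240 DST=69.34.226.132 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=62128 DF "
    "PROTO=TCP SPT=1434 DPT=6101 WINDOW=53760 RES=0x00 SYN URGP=0",
    "kernel: denylog:IN=eth1 OUT= MAC=00:20:78:11:92:f9:00:02:3b:02:4b:f5:08:00 "
    "SRC=83.28.204.108 DST=69.34.226.132 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=5096 DF "
    "PROTO=TCP SPT=35185 DPT=2234 WINDOW=16384 RES=0x00 SYN URGP=0",
]

# Everything up to and including the "denylog:" log prefix is dropped before parsing.
PREFIX = re.compile(r"^.*?denylog:")


def parse_denylog(line):
    """Split one netfilter LOG line into a dict of KEY=value fields plus a 'flags' set.

    Tokens without '=' (DF, SYN, ACK, ...) are flags. 'OUT=' with an empty value
    means the packet was inbound and never assigned an egress interface.
    """
    body = PREFIX.sub("", line, count=1)
    fields, flags = {}, set()
    for tok in body.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        else:
            flags.add(tok)
    fields["flags"] = flags
    return fields


def summarize(fields):
    """One-line reading: which remote host tried to reach which local port, and how."""
    kind = "new connection attempt (SYN)" if "SYN" in fields["flags"] else "packet"
    return "{} {}:{} -> {}:{} {} dropped on {}".format(
        fields.get("PROTO"), fields.get("SRC"), fields.get("SPT"),
        fields.get("DST"), fields.get("DPT"), kind, fields.get("IN"))


def probed_ports(lines):
    """Count destination ports across many lines: the services being looked for."""
    return Counter(parse_denylog(l).get("DPT") for l in lines)


if __name__ == "__main__":
    for line in LOG_LINES:
        print(summarize(parse_denylog(line)))
    print(probed_ports(LOG_LINES).most_common(5))
```

Feed the function the whole /var/log/messages (or wherever your denylog lines land) instead of the two constructed samples to get a real picture of what is hitting the box.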