Koozali.org: home of the SME Server

port 137, 138 in log files,

kruis-187

« on: May 12, 2002, 03:49:07 PM »
Hi there,

I'm a bit new to Linux. But I've got a question about logging things. On my E-smith box I've installed a log analyser. It sends me a 500 kb mail every hour. When I look into the logs I can see the following:

May 12 11:01:25 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17 131.155.241.225:138 131.155.241.255:138 L=229 S=0x00 I=9 F=0x0000 T=128 (#1)
May 12 11:01:26 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17 131.155.241.226:138 131.155.241.255:138 L=239 S=0x00 I=53762 F=0x0000 T=32 (#1)
May 12 11:01:27 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17 131.155.241.225:138 131.155.241.255:138 L=208 S=0x00 I=11 F=0x0000 T=128 (#1)

and:
May 12 11:01:35 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17 131.155.241.225:137 131.155.241.255:137 L=78 S=0x00 I=18 F=0x0000 T=128 (#1)
May 12 11:01:36 e-smith kernel: Packet log: denylog DENY eth1 PROTO=1 131.155.241.155:10 224.0.0.2:0 L=28 S=0x00 I=20992 F=0x0000 T=128 (#1)
May 12 11:01:36 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17 131.155.241.225:137 131.155.241.255:137 L=78 S=0x00 I=19 F=0x0000 T=128 (#1)


This goes on and on and on. Is there a way to avoid this? By denying access to ports 137 and 138 on eth1, or by not logging this, or something else?

The problem is that the logs are growing very big and I can't do anything with this information. I can hardly find real security problems with this amount of logging.


Real thanks,

Thijs Nijpjes
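
One way to triage this kind of log, added here as an example and not part of the original post: a small Python parser for the ipchains "Packet log" lines quoted above that counts the NetBIOS broadcast denies per source and keeps everything else for review. The `NOISE` set and the function name `triage` are assumptions of this example; the sample lines are copied from the post, wrapped as they appear there.

```python
import re
from collections import Counter

# ipchains "Packet log" entry: chain, action, interface, IP protocol number,
# src:port, dst:port. For ICMP (PROTO=1) the two "port" fields carry the
# ICMP type and code. \s+ lets an entry span a wrapped line.
ENTRY_RE = re.compile(
    r"Packet log:\s+(?P<chain>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+"
    r"PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Assumption: UDP 137/138 (NetBIOS name and datagram services) is the
# background traffic to summarise rather than list line by line.
NOISE = {(17, 137), (17, 138)}

# Four entries copied from the post above.
SAMPLE = """\
May 12 11:01:25 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17
131.155.241.225:138 131.155.241.255:138 L=229 S=0x00 I=9 F=0x0000 T=128 (#1)
May 12 11:01:26 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17
131.155.241.226:138 131.155.241.255:138 L=239 S=0x00 I=53762 F=0x0000 T=32 (#1)
May 12 11:01:36 e-smith kernel: Packet log: denylog DENY eth1 PROTO=1
131.155.241.155:10 224.0.0.2:0 L=28 S=0x00 I=20992 F=0x0000 T=128 (#1)
May 12 11:01:36 e-smith kernel: Packet log: denylog DENY eth1 PROTO=17
131.155.241.225:137 131.155.241.255:137 L=78 S=0x00 I=19 F=0x0000 T=128 (#1)
"""

def triage(text):
    """Return (Counter of noise keyed by (src, dport), list of other entries)."""
    noise, other = Counter(), []
    for m in ENTRY_RE.finditer(text):
        e = m.groupdict()
        for key in ("proto", "sport", "dport"):
            e[key] = int(e[key])
        if (e["proto"], e["dport"]) in NOISE:
            noise[(e["src"], e["dport"])] += 1
        else:
            other.append(e)
    return noise, other

if __name__ == "__main__":
    noise, other = triage(SAMPLE)
    for (src, port), count in sorted(noise.items()):
        print(f"noise  udp/{port} from {src}: {count} packet(s)")
    for e in other:
        print(f"REVIEW {e['action']} {e['iface']} proto={e['proto']} "
              f"{e['src']}:{e['sport']} -> {e['dst']}:{e['dport']}")
```
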