Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Troels on March 23, 2004, 12:20:21 PM
-
I have a log file named, messages.20040315011207 it´s much larger than the others and filled up with these
Mar 19 18:10:46 lesme60 kernel: denylog:IN=eth1 OUT= MAC=00:04:76:e2:7b:27:00:02:3b:02:70:2e:08:00 SRC=80.161.97.76 DST=129.142.122.156 LEN=80 TOS=0x00 PREC=0xA0 TTL=120 ID=14985 PROTO=UDP SPT=1184 DPT=1074 LEN=60
there are some other logs that looks just like this but the src ips are different. Is this some kinde of hacker attempt ??
-
I just went over some other log files and they contain
the same but different src ips, one log file from today is aprox 3mb,
Regards Troels
-
these log entries come from the firewall.
the cause of these entries is that you are scanned by "scan-kids".
every host that is online will be scanned from time to time.
there is an option to turn the firewall log off.
search the forum for "firewall log" to get the solution for your problem.
cheers
-
I have the same problem, I upgraded my sme-server to version 6.0 yesterday and my messages log is full with these entries.
How do i turm it off? i've searched for "firewall log" but didn't find anything.
-
http://www.e-smith.org/faq.php3#6q8
How can I log/view all denied packets filtered by the firewall component of my SME Server?
By default, logging of denied packets is turned off. There are three levels of denied packet logging:
all - every blocked packet is logged
most - all blocked packets except SMB and RIP
none - (default) no blocked packets are logged
To change the level of logging:
/sbin/e-smith/db configuration setprop masq Logging most
/sbin/e-smith/signal-event remoteaccess-update
Denied packets will now be logged to the system log. (/var/log/messages)
Conversely, to turn logging off:
/sbin/e-smith/db configuration setprop masq Logging none
/sbin/e-smith/signal-event remoteaccess-update