On Wed, 25 Jul 2012, Sthu Deus wrote:
> Good time of the day.
Heh.
> ) I found a solution, requiring setting
>
> KLOGD="-k /boot/System.map-$(uname -r) -c4"
>
> in
>
> /etc/init.d/klogd
>
> file. Unfortunately, wheezy (that I have the problem on) does not have
FORTUNATELY, wheezy deprecates
Good time of the day.
Fighting for stopping flood on tty.s (I did write about this recently)
from iptables LOG messages (something like
IN=br0 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
) I found a solution, requiring setting
KLOGD="-k /boot/System.map-$(
On 10/01/2008 03:05 AM, Adam Hardy wrote:
Out of interest, will dmesg -n X survive a reboot? Or is there another
config option for this?
No, it wouldn't survive a reboot. You can place the command in
/etc/init.d/rc.local.
You can also modify /etc/sysctl.conf. "Kernel.printk" is the value
On Wed, Oct 01, 2008 at 09:05:57AM +0100, Adam Hardy wrote:
> Out of interest, will dmesg -n X survive a reboot? Or is there another
> config option for this?
dmesg without parameters shows the current content of the kernel
messages buffer. This buffer has limited size and does not survive
rebo
Mumia W.. on 30/09/08 07:54, wrote:
On 09/29/2008 02:03 PM, Marcin Kłapkowski wrote:
I set iptables rule for logging.
# iptables -I INPUT -m limit --limit 15/minute -j LOG --log-level 4
--log-prefix "firewall: "
It's logging in warning level. And my logs go to kern.log file. It's
for now, bu
On 09/29/2008 02:03 PM, Marcin Kłapkowski wrote:
I set iptables rule for logging.
# iptables -I INPUT -m limit --limit 15/minute -j LOG --log-level 4
--log-prefix "firewall: "
It's logging in warning level. And my logs go to kern.log file. It's
for now, but moreover, these logs are flooded in
I set iptables rule for logging.
# iptables -I INPUT -m limit --limit 15/minute -j LOG --log-level 4
--log-prefix "firewall: "
It's logging in warning level. And my logs go to kern.log file. It's
for now, but moreover, these logs are flooded into console tty if i'm
without X. How can i set it t
On Sat, Jun 24, 2006 at 01:51:38PM +0200, Erik Persson wrote:
> [EMAIL PROTECTED]:~# cat /proc/sys/kernel/printk
> 3 4 1 7
Cool, I didn't realize this file existed in the /proc filesystem.
Time to review the documentation... ;-)
> man proc reveals that the 1 is the lowest value
as I
thought. This solves the problem since I now know what caused it. I will
probably change the iptables log level to debug to get rid of the messages.
Did you restart klogd? I don't believe it will change unless you stop
the old running klogd and restart it. If you didn't stop
the kernel log level as I
> thought. This solves the problem since I now know what caused it. I will
> probably change the iptables log level to debug to get rid of the messages.
I use firehol and have the log level set to 4. A recent upgrade
caused the logs to do what you reported, log
s I
> thought. This solves the problem since I now know what caused it. I will
> probably change the iptables log level to debug to get rid of the messages.
Did you restart klogd? I don't believe it will change unless you stop
the old running klogd and restart it. If you didn't s
seems
that the minimal allowed log level for kernel messages was set to 4 on
the router and klogd -c 0 thus didn't change the kernel log level as I
thought. This solves the problem since I now know what caused it. I will
probably change the iptables log level to debug to get rid of the messa
I think you have to set the log level to DEBUG,
so you can see it on '/var/log/syslog'
${PROG} ... ... -j LOG --log-level DEBUG --log-prefix "Blaster portscan "
--
Henrique G. Abreu
[EMAIL PROTECTED]
set the log level of the messages logged via
the LOG target. My man page does not say what the default is.
Yes. I already looked into this, and it's certainly an alternative as
the standard iptables log level is warning and klogd as standard logs
everything except debug to ttys.
man klog
On Fri, Jun 23, 2006 at 14:42:24 +1000, Cameron Hutchison wrote:
> Erik Persson wrote:
>
> >I'm running a debian sarge as a router for a network, and I'm using
> >iptables. I need to log certain stuff from iptables, and I thus have
> >rules like:
> >${PROG} -A FORWARD -i eth1 -o eth0 -p tcp --dp
On Fri, 2006-06-23 at 00:18 +0200, Erik Persson wrote:
> Hey!
>
> I'm running a debian sarge as a router for a network, and I'm using
> iptables. I need to log certain stuff from iptables, and I thus have
> rules like:
> ${PROG} -A FORWARD -i eth1 -o eth0 -p tcp --dport 135 -m limit
> --limit
Erik Persson wrote:
>I'm running a debian sarge as a router for a network, and I'm using
>iptables. I need to log certain stuff from iptables, and I thus have
>rules like:
>${PROG} -A FORWARD -i eth1 -o eth0 -p tcp --dport 135 -m limit
> --limit 1/s -j LOG --log-prefix "Blaster portscan "
>Thi
Would a shell redirection fill the bill? Admittedly, this is not as
clean as fixing a config file, so:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html#LOGTARGET
looks like it has some meat to it. The suggestion of 'dmesg -n 1' would
be worth a shot anyhow. Thus endeth my expertis
Erik Persson([EMAIL PROTECTED]) is reported to have said:
> Hey!
>
> I'm running a debian sarge as a router for a network, and I'm using
> iptables. I need to log certain stuff from iptables, and I thus have
> rules like:
> ${PROG} -A FORWARD -i eth1 -o eth0 -p tcp --dport 135 -m limit
> --limi
Hey!
I'm running a debian sarge as a router for a network, and I'm using
iptables. I need to log certain stuff from iptables, and I thus have
rules like:
${PROG} -A FORWARD -i eth1 -o eth0 -p tcp --dport 135 -m limit
--limit 1/s -j LOG --log-prefix "Blaster portscan "
This however has the no
On Thu, 18 Apr 2002 16:43:09 +0800
"Patrick Hsieh" <[EMAIL PROTECTED]> wrote:
> I use this rule to redirect the outgoing smtp connection under NAT.
> Where are the log messages? I just can't find any log beginning with
> "SMTP_LOG" under /var/log/. Idea?
The log entries will go where ever your sysl
On Thu, Apr 18, 2002 at 04:43:09PM +0800, Patrick Hsieh wrote:
| Hello,
|
| I use this rule to redirect the outgoing smtp connection under NAT.
| Where are the log messages? I just can't find any log beginning with
| "SMTP_LOG" under /var/log/. Idea?
syslog and/or messages
if you go to a console,
Hello,
I use this rule to redirect the outgoing smtp connection under NAT.
Where are the log messages? I just can't find any log beginning with
"SMTP_LOG" under /var/log/. Idea?
iptables -t nat -A PREROUTING -p TCP -s 192.168.10.0/24 ! -d
111.222.333.444 --dport 25 -j LOG --log-prefix SMTP_LOG:
--
s is new
> and unknown [1] since i haven't published it yet.
>
> i get connection attempts every 10 minutes or so by random IP
> addresses (i.e. ones that i wouldn't have anything to do with),
> iptables log them as
I would ignore these connect attempts. I don't
actually I just deinstalled portsentry because of this. There are a
huge number of Linux boxes out there that are desperately scanning port
111 looking for a nfs type server.
It's worth setting the trip wire level a little higher to avoid being
swamped with spurious info.
ection attempts every 10 minutes or so by random IP
addresses (i.e. ones that i wouldn't have anything to do with),
iptables log them as
Aug 5 10:37:26 mymachine kernel: IN=eth0 OUT=
MAC=00:20:78:10:82:fd:00:d0:d3:a5:6e:d9:08:00 SRC=195.240.140.98
DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x4
> in only one night, there have been 355 such packets logged, 133
> distinct source IP addresses total, most of them going for port 80
> do you have any idea why this could be?
Code Red is still in the wild:
http://www.cert.org/advisories/CA-2001-23.html
At least that's how I explain away the mas
My best guess is that these are typical script-kiddie connection
attempts. I too get hundreds of scans a day, many to the same ports.
> the primary candidates for connection attempts so far have been to
> 21/tcp(ftp)
Root exploits, places to get/store warez.
> 53/tcp(dns)
Root exploits.
> 80/
On Sun, Oct 01, 2000 at 06:42:11PM -0500, William Jensen wrote:
> Here's an example:
>
> Oct 1 18:30:09 stimpy kernel: Firewall:IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:80:5a:e6:33:00:08:00 SRC=24.216.244.211
> DST=24.216.244.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=17211 PROTO=UDP
> SPT=137 DP
A long time ago, in a galaxy far, far away, someone said...
> Here's an example:
>
> Oct 1 18:30:09 stimpy kernel: Firewall:IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:80:5a:e6:33:00:08:00 SRC=24.216.244.211
> DST=24.216.244.255 LEN=78 TOS=0x00 PREC=0x00
Here's an example:
Oct 1 18:30:09 stimpy kernel: Firewall:IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:80:5a:e6:33:00:08:00 SRC=24.216.244.211
DST=24.216.244.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=17211 PROTO=UDP SPT=137
DPT=137 LEN=58
I'm reading that as:
-coming IN to my eth0
-going OUT my MAC
31 matches