So many log entries localhost kernel: IN-internet:IN=.....

ErrorBound · 03-02-2007, 02:57 PM

I have a Debian Sarge server that's spitting out a ton of these messages, both to the logfiles and to stdout which is annoying if you're trying to use the terminal.

The messages look like

Code:

localhost kernel: IN-internet:IN=eth0 OUT= MAC=... SRC=... DST=... LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=43848 PROTO=UDP SPT=138 DPT=138 LEN=215

Where I have removed the mac and IP addresses. These are being sent mostly to and from the router. Can I suppress these so they don't show up? Are these actually errors or otherwise things to be concerned about?

Mara · 03-03-2007, 03:33 PM

I guess it's your iptables (firewall) script logging all suspected/dropped packets (the examples look like SMB - Windows file sharing). To stop the messages you need to look in the script. The lines of interest are those with '--log-prefix' (it defines the message passed to logs). You would need to remove the annoying logging. If you have written the script yourself, it should be easy. If not, post the lines with the prefix and we will try to modify them for you.

ErrorBound · 03-04-2007, 11:31 PM

Dzień dobry Mara

The server uses FireHOL as a firewall, this is probably the source of these, right? I'll look into this.

Mara · 03-06-2007, 03:01 PM

You're welcome.

FireHOL is a likely source. You don't configure it by accessing iptables script directly. Instead look into the configuration file and check the logging options.

ErrorBound · 03-18-2007, 04:01 PM

This was fixed by adding the following line to the very end of firehol.conf:

Code:

FIREHOL_LOG_LEVEL="3"