LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software > Linux - Kernel
User Name
Password
Linux - Kernel This forum is for all discussion relating to the Linux kernel.

Notices

Reply
 
Search this Thread
Old 03-02-2007, 02:57 PM   #1
ErrorBound
Member
 
Registered: Apr 2006
Posts: 280

Rep: Reputation: 31
So many log entries localhost kernel: IN-internet:IN=.....


I have a Debian Sarge server that's spitting out a ton of these messages, both to the logfiles and to stdout which is annoying if you're trying to use the terminal.

The messages look like
Code:
localhost kernel: IN-internet:IN=eth0 OUT= MAC=... SRC=... DST=... LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=43848 PROTO=UDP SPT=138 DPT=138 LEN=215
Where I have removed the mac and IP addresses. These are being sent mostly to and from the router. Can I suppress these so they don't show up? Are these actually errors or otherwise things to be concerned about?
 
Old 03-03-2007, 03:33 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,536

Rep: Reputation: 148Reputation: 148
I guess it's your iptables (firewall) script logging all suspected/dropped packets (the examples look like SMB - Windows file sharing). To stop the messages you need to look in the script. The lines of interest are those with '--log-prefix' (it defines the message passed to logs). You would need to remove the annoying logging. If you have written the script yourself, it should be easy. If not, post the lines with the prefix and we will try to modify them for you.
 
Old 03-04-2007, 11:31 PM   #3
ErrorBound
Member
 
Registered: Apr 2006
Posts: 280

Original Poster
Rep: Reputation: 31
Dzień dobry Mara

The server uses FireHOL as a firewall, this is probably the source of these, right? I'll look into this.
 
Old 03-06-2007, 03:01 PM   #4
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,536

Rep: Reputation: 148Reputation: 148
You're welcome.

FireHOL is a likely source. You don't configure it by accessing iptables script directly. Instead look into the configuration file and check the logging options.
 
Old 03-18-2007, 04:01 PM   #5
ErrorBound
Member
 
Registered: Apr 2006
Posts: 280

Original Poster
Rep: Reputation: 31
This was fixed by adding the following line to the very end of firehol.conf:
Code:
FIREHOL_LOG_LEVEL="3"
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
/var/log/auth.log entries buehler Linux - Security 1 04-23-2005 04:45 PM
Message from syslogd@localhost localhost kernel: Disabling IRQ #21 ylts Linux - Hardware 0 02-26-2005 08:01 AM
Cutting down on log entries. koody Linux - Software 5 08-13-2004 04:24 AM
log entries robert1963 Linux - Security 1 03-28-2004 04:37 PM
question regarding log entries epeus Linux - Security 6 01-09-2003 05:59 AM


All times are GMT -5. The time now is 03:24 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration