Quote:
Originally Posted by dman777
Hello,
I have my router's log messages go to my desktop. What is the recommended level that it should be set at? Currently I have it set to low, but the log is still filling up quickly with ACCEPT messages.
How important are the ACCEPT messages?
Also, can someone decipher this message/tell me how to read it please?
ACCEPT IN=br0 OUT= MAC=ad:ce:c5:21:d4:84:53:14:1a:19:21:23:08:00 SRC=192.168.1.20 DST=192.168.1.1
LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=31133 DF PROTO=UDP SPT=41421 DPT=53 LEN=50
Googling something like 'IP packet description' will give you a choice of sources to learn about what the fields in an IP packet mean, which should help you to make sense of messages like these.
But here is a freebie to get you going, ;^)
Code:
ACCEPT IN=br0 OUT= MAC=ad:ce:c5:21:d4:84:53:14:1a:19:21:23:08:00 SRC=192.168.1.20 DST=192.168.1.1
LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=31133 DF PROTO=UDP SPT=41421 DPT=53 LEN=50
A packet was accepted on interface br0.
The originating IP was 192.168.1.20
The IP the packet was sent to was 192.168.1.1
The packet len was 70 bytes
The TOS bit in the packet was 0, the PREC bit was 0
The TTL on the packet was 64
The packet should not be fragmented
It was a UDP packet.
The source port was 41421
The target port was 53
The UDP frame was 50 bytes.
It looks like it was a DNS packet sent to your router, based on the target IP and target port number (port 53 is used for DNS servers).
As far as what level of logging you should use, I can't say, as I don't know what router you are using and what options it provides. This particular message looks like a firewall log message, which is often controlled separately through the firewall settings.
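The field-by-field reading above can be automated. The following is an added example, not part of either post: a small Python parser for this log format that also counts lines per action, protocol and destination port, which shows what kind of traffic is filling the log. The function names and the second (TCP) sample line are constructed for illustration, and it assumes the action word is the first token on the line, as in the message quoted in the thread.

```python
from collections import Counter

# Constructed sample input: the line from the post (joined onto one line,
# repeated once) plus one made-up TCP line.
DNS = ("ACCEPT IN=br0 OUT= MAC=ad:ce:c5:21:d4:84:53:14:1a:19:21:23:08:00 "
       "SRC=192.168.1.20 DST=192.168.1.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 "
       "ID=31133 DF PROTO=UDP SPT=41421 DPT=53 LEN=50")
TCP = ("ACCEPT IN=br0 OUT= MAC=ad:ce:c5:21:d4:84:53:14:1a:19:21:23:08:00 "
       "SRC=192.168.1.20 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
       "ID=4242 DF PROTO=TCP SPT=51000 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0")
SAMPLE = [DNS, DNS, TCP]

INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT"}


def parse_line(line):
    """Parse one log line; assumes the action (ACCEPT, ...) is the first token."""
    tokens = line.split()
    rec = {"ACTION": tokens[0], "FLAGS": []}
    for tok in tokens[1:]:
        key, sep, value = tok.partition("=")
        if not sep:
            rec["FLAGS"].append(key)        # bare flag with no value, e.g. DF
        elif key == "LEN" and "LEN" in rec:
            rec["L4_LEN"] = int(value)      # second LEN: UDP length, not IP length
        elif key in INT_FIELDS:
            rec[key] = int(value)
        else:
            rec[key] = value                # OUT= stays "" (no output interface)
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:                   # dst MAC (6) + src MAC (6) + EtherType (2)
        rec["DST_MAC"] = ":".join(octets[:6])
        rec["SRC_MAC"] = ":".join(octets[6:12])
        rec["ETHERTYPE"] = "".join(octets[12:])   # 0800 = IPv4
    return rec


def summarize(lines):
    """Count lines per (action, protocol, destination port) to find the noisy rule."""
    counts = Counter()
    for line in filter(str.strip, lines):   # skip blank lines
        rec = parse_line(line)
        counts[(rec["ACTION"], rec.get("PROTO"), rec.get("DPT"))] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, key)
```

Run over a real log file, the top entries of the summary show which accepted traffic dominates, which helps when deciding whether ACCEPT logging can be turned down.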