LinuxQuestions.org
Support LQ: Use code LQCO20 and save 20% on CrossOver Office
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Huge Firewall Log Files
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 01-29-2004, 07:19 AM   #1
seanfitz
Member
 
Registered: Mar 2003
Posts: 37

Rep: Reputation: 15
Huge Firewall Log Files

Hi, I am using GuardDog to configure my Firewall. It is easy to use and seems to work well. However it is generating huge log files. eg.:-

Jan 28 09:31:21 linux kernel: ABORTED IN=eth1 OUT= MAC=00:40:f4:5e:f9:d8:00:40:f4:5e:f3:87:08:00 SRC=10.0.0.40 DST=10.0.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=39434 DF PROTO=TCP SPT=1084 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0
Jan 28 09:31:21 linux kernel: ABORTED IN=eth1 OUT= MAC=00:40:f4:5e:f9:d8:00:40:f4:5e:f3:87:08:00 SRC=10.0.0.40 DST=10.0.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=39690 DF PROTO=TCP SPT=1085 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0

There is voulmes of this stuff and to be quite honest I do not know what any of it means. I have all the log options turned off in GuardDog but to no avail.

Any ideas out there?

Regards,
Sean
 
Old 01-29-2004, 10:23 AM   #2
aclaunch
Member
 
Registered: Sep 2003
Posts: 91

Rep: Reputation: 15
This is not from Guarddog specifically but probably a part of /var/log /messages from syslog I believe. The various fields show various hits on the firewall. SRC is the source address, DST is the destination address, PROTO is the protocol used (either UDP or TCP ususally). Lots of these are just routine traffic, you can tell what is from outside the firewall versus inside the firewall by the SRC addresses. There is a function called logrotate which you can configure and you can also just periodically empty the logs manually yourself.

Good Luck
Alan
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to deal with huge swp files such as .store.log.2.swp from squid directory? Niceman2005 Linux - General 2 11-01-2005 07:25 AM
huge log files - how do i shortn them? rosscopeeko Linux - General 2 03-30-2004 09:59 AM
Log files for Firewall 2.4 DaemonWrightis Linux - Networking 1 02-26-2004 06:22 AM
Huge log files altor Linux - Newbie 4 09-03-2003 08:40 AM
HUGE sendmail log magyartoth Linux - General 2 02-19-2002 08:00 AM


All times are GMT -5. The time now is 06:11 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration