LinuxQuestions.org


kenneho 08-09-2005 04:28 PM

Strange messages in console
 
Messages like this (below) keep appearing in tty6 (Ctrl+Alt+F6), tty5 and so forth. Even during boot these appear.

Aug 9 21:52:43 localhost kernel: DROPPED IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:08:40:c8:42:18:00 SRC=30.344.15.240 DST=30.344.15.255 LEN=220 TOS=0x00 PREC=0x00 TTL=128 ID=10622 PROTO=UDP SPT=138 DPT=138 LEN=200


These messages evidently have something to do with my Ethernet interface, but what? And why are they appearing during startup etc.?

There was another thread here on linuxquestions that discussed the same subject, and one theory was that it was some kind of virus or worm on the LAN that made the machines ping my machine to search for vulnerable machines to attack. Is this right? It looks like the sources (SRC=***) are different machines on the LAN, but is the theory correct?
Anyways, how can I stop these messages from filling up my /var/log/messages file and consoles?

leonscape 08-09-2005 04:55 PM

These look like firewall messages from iptables. It's basically telling you that it caught stuff trying to talk to the NETBIOS port and dropped it.
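
To triage lines like the one quoted in the first post, the following added example (not code from the thread; the function names and the `L4LEN` key are assumptions made here) parses a netfilter LOG line into fields and counts drops per source, service and link-layer broadcast flag. It assumes the `MAC=` field is laid out as destination MAC, source MAC, then EtherType, and that the rule's log prefix sits directly before `IN=`.

```python
import re
from collections import Counter

# Sample input: the log line quoted in the thread, addresses as posted there.
SAMPLE = ("Aug 9 21:52:43 localhost kernel: DROPPED IN=eth0 OUT= "
          "MAC=ff:ff:ff:ff:ff:ff:00:c0:08:40:c8:42:18:00 SRC=30.344.15.240 "
          "DST=30.344.15.255 LEN=220 TOS=0x00 PREC=0x00 TTL=128 ID=10622 "
          "PROTO=UDP SPT=138 DPT=138 LEN=200")
NETBIOS = {137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn"}

def parse_netfilter(line):
    """Split a netfilter LOG line into prefix, KEY=value fields and bare flags."""
    m = re.search(r"kernel: (.*?)\s*\bIN=", line)
    if m is None:
        return None                      # not a netfilter LOG line
    rec = {"prefix": m.group(1), "flags": []}
    for tok in line[m.end() - 3:].split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(key)     # e.g. DF, SYN, ACK
        elif key == "LEN" and "LEN" in rec:
            rec["L4LEN"] = val           # second LEN= is the UDP length
        else:
            rec[key] = val
    mac = rec.get("MAC", "").split(":")
    if len(mac) == 14:                   # dst(6) + src(6) + ethertype(2)
        rec["MAC_DST"], rec["MAC_SRC"] = ":".join(mac[:6]), ":".join(mac[6:12])
    return rec

def classify(rec):
    """Reduce a parsed record to the fields used for triage."""
    dpt = rec.get("DPT", "")
    return {
        "src": rec.get("SRC"),
        "service": NETBIOS.get(int(dpt), "other") if dpt.isdigit() else "other",
        # Destination MAC marks a broadcast even when the logged IPs are not valid.
        "broadcast": rec.get("MAC_DST") == "ff:ff:ff:ff:ff:ff",
    }

def summarize(lines):
    """Count drops per (source, service, broadcast) across many log lines."""
    counts = Counter()
    for rec in filter(None, map(parse_netfilter, lines)):
        c = classify(rec)
        counts[(c["src"], c["service"], c["broadcast"])] += 1
    return counts

if __name__ == "__main__":
    print(dict(summarize([SAMPLE, "Aug 9 21:52:44 localhost sshd: unrelated"])))
```

Feeding it the lines from /var/log/messages gives a per-source count that shows whether the drops are broadcast frames or packets addressed to this host.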

kenneho 08-09-2005 05:15 PM

I see.

But how can I stop the console output?

leonscape 08-09-2005 05:34 PM

You need to set the Linux kernel logging level, try 3.

dmesg -n5

Or you can use ulogd, which you can use to redirect the messages. Or if you use something like Guarddog or Shorewall to set up your firewall, they usually have options to either suppress or redirect these messages.

Brian1 08-09-2005 06:21 PM

The line is output from iptables, also known as your firewall.

The logs are sent to /dev/console when they pop up because more than likely your /etc/syslogd.conf contains something like this.

Code:

kern.*                                                        /dev/console
To stop it you will need to stop the syslogd daemon. Normally in Red Hat/FC* I use the command, minus the ' ', ' service syslogd stop '. Now as root edit /etc/syslogd and add a ' # ' in front of the line and save it. Example:
Code:

#kern.*                                                        /dev/console
Or one could change the level of kern to, say, kern.error. Example:
Code:

kern.error                                                        /dev/console
The reason is that most iptables default logging level is usually kern.warning, sometimes kern.notice, which are both lower-level signals. This can be defined in the firewall script. So what will happen now is that there will only be a display like the above from apps sending to kern at error or higher level.

These are the kern levels, from least important to top priority: kern.debug, kern.info, kern.notice, kern.warning, kern.error, kern.crit, kern.alert, kern.panic.

Now what will happen is that if a signal is sent as kern.warning or lower, it will not be displayed. So if there is one sent in the lower range you will not see it.

Once edited restart syslogd ' service syslogd start '.

If you wish not to mess with that and you know where your iptables script is, then remove the -j LOG at the end of the lines.

Hope this helps
Brian1

kenneho 08-11-2005 08:00 PM

I configured my firewall (Guarddog) to not log blocked packets, and the rubbish output has stopped. Accidentally, I also executed the "dmesg" command. What exactly does dmesg do?

Brian1 08-12-2005 04:23 PM

This ought to explain it. http://linuxgazette.net/issue59/nazario.html

Brian1


All times are GMT -5.