LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 09-04-2009, 01:30 PM   #1
geropero
LQ Newbie
 
Registered: Sep 2009
Posts: 4

Rep: Reputation: 0
What those IP's mean in /var/log/syslog ?


Hi i am a noob.

I've seen some tut about monitoring server with using tail -f /var/log/syslog, and there are some ip addresses in the field "source".

I wanna know what those ip's mean .

tnx
 
Old 09-04-2009, 01:32 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
They would presumably be the source IP address of whatever the log entry means. A logfile can contains thousands of different kinds of log... care to give us a sample??
 
Old 09-04-2009, 01:33 PM   #3
geropero
LQ Newbie
 
Registered: Sep 2009
Posts: 4

Original Poster
Rep: Reputation: 0
Sep 5 20:30:17 (none) kernel: IN=ppp0 OUT= MAC= SRC=77.29.207.89 DST=77.29.1xx.56 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=48737 DF PROTO=TCP SPT=4488 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0

smth like this ?
 
Old 09-04-2009, 01:36 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
smth??

That's an iptables log, generally you wouldn't want these entries. run "dmesg -n1" and they'll go away temporarily. Alternatively modify your iptables not to log.

Last edited by acid_kewpie; 09-04-2009 at 01:41 PM.
 
Old 09-04-2009, 01:38 PM   #5
geropero
LQ Newbie
 
Registered: Sep 2009
Posts: 4

Original Poster
Rep: Reputation: 0
Okay tnx
But can you tell me what that means ? What those ip's have done so they got into my log file?
 
Old 09-04-2009, 02:25 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
they hit a deny rule on your iptables. run iptables -L -n -v to see your current ruleset. the destination port there is 1433, which is MS SQL I believe... probably a port scan of an internet facing device, or maybe bad port forwarding to a "DMZ" host if you are behind a noddy ADSL router.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
/var/log/syslog messages. gbowden Slackware 2 02-25-2006 05:00 PM
my /var/log/syslog only logs the last 12 hours or so ALInux Linux - General 4 02-11-2006 10:53 AM
Normal /var/log/syslog?? jimdaworm Slackware 2 02-03-2005 09:32 PM
/var/log/syslog George666 Slackware 4 03-19-2004 07:34 AM
re: where is /var/log/syslog ergo_sum Red Hat 10 11-04-2003 06:27 PM


All times are GMT -5. The time now is 01:02 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration