What those IP's mean in /var/log/syslog ?
 

Hi i am a noob.

I've seen some tut about monitoring server with using tail -f /var/log/syslog, and there are some ip addresses in the field "source".

I wanna know what those ip's mean .

tnx

They would presumably be the source IP address of whatever the log entry means. A logfile can contains thousands of different kinds of log... care to give us a sample??

Sep 5 20:30:17 (none) kernel: IN=ppp0 OUT= MAC= SRC=77.29.207.89 DST=77.29.1xx.56 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=48737 DF PROTO=TCP SPT=4488 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0

smth like this ?

smth??

That's an iptables log, generally you wouldn't want these entries. run "dmesg -n1" and they'll go away temporarily. Alternatively modify your iptables not to log.

Okay tnx
But can you tell me what that means ? What those ip's have done so they got into my log file?

they hit a deny rule on your iptables. run iptables -L -n -v to see your current ruleset. the destination port there is 1433, which is MS SQL I believe... probably a port scan of an internet facing device, or maybe bad port forwarding to a "DMZ" host if you are behind a noddy ADSL router.