What do those IPs mean in /var/log/syslog?
Hi, I am a noob.
I've seen some tut about monitoring a server using tail -f /var/log/syslog, and there are some IP addresses in the field "source". I wanna know what those IPs mean. tnx
They would presumably be the source IP address of whatever the log entry means. A logfile can contain thousands of different kinds of log... care to give us a sample??
Sep 5 20:30:17 (none) kernel: IN=ppp0 OUT= MAC= SRC=77.29.207.89 DST=77.29.1xx.56 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=48737 DF PROTO=TCP SPT=4488 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
smth like this?
smth??
That's an iptables log; generally you wouldn't want these entries. Run "dmesg -n1" and they'll go away temporarily. Alternatively, modify your iptables not to log.
Okay tnx
But can you tell me what that means? What have those IPs done so they got into my log file?
They hit a deny rule on your iptables. Run iptables -L -n -v to see your current ruleset. The destination port there is 1433, which is MS SQL I believe... probably a port scan of an internet-facing device, or maybe bad port forwarding to a "DMZ" host if you are behind a noddy ADSL router.
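An added example, not written by anyone in the thread: a small Python parser for iptables LOG entries like the one quoted above, which groups hits by source address and lists the destination ports each one tried. The sample lines are constructed (documentation-range addresses), and the "three distinct ports means a likely scan" threshold is an assumption chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines shaped like the entry quoted in the thread
# (addresses are from the RFC 5737 documentation ranges).
SAMPLE = """\
Sep 5 20:30:17 (none) kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=48737 DF PROTO=TCP SPT=4488 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 5 20:30:18 (none) kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=48738 DF PROTO=TCP SPT=4489 DPT=3306 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 5 20:30:19 (none) kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=48739 DF PROTO=TCP SPT=4490 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 5 20:31:02 (none) kernel: IN=ppp0 OUT= MAC= SRC=198.51.100.23 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=1201 DF PROTO=TCP SPT=2201 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 5 20:31:40 (none) cron[412]: (root) CMD (run-parts /etc/cron.hourly)
"""

KV = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)

def parse_line(line):
    """Return the netfilter fields of one syslog line, or None if it is not one."""
    if "kernel:" not in line or "SRC=" not in line:
        return None
    body = line.split("kernel:", 1)[1]
    fields = dict(KV.findall(body))
    # Bare tokens such as DF or SYN carry no "=": collect them as flags.
    fields["FLAGS"] = [t for t in body.split() if "=" not in t]
    return fields

def summarize(text, scan_threshold=3):
    """Per source IP: number of logged packets, ports tried, scan heuristic."""
    hits = Counter()
    ports = defaultdict(set)
    for line in text.splitlines():
        f = parse_line(line)
        if f is None or "DPT" not in f:  # e.g. ICMP entries have no DPT
            continue
        hits[f["SRC"]] += 1
        ports[f["SRC"]].add(int(f["DPT"]))
    # scan_threshold is an illustrative assumption, not an iptables setting.
    return {src: {"hits": n, "ports": sorted(ports[src]),
                  "likely_scan": len(ports[src]) >= scan_threshold}
            for src, n in hits.items()}

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```

To run it against a real log, pass the contents of /var/log/syslog to `summarize()` instead of `SAMPLE`.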