Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
There are a few Windows machines on my subnet and my logs are FULL of hits that I do not want to log. I get hit at least every ten seconds. Those are not my machines and I have no control over them.
How can I stop logging this? For example, a machine on my subnet constantly hitting me from source port 1919 to destination port 5000?
I know about grepping logs and such, but I'd like to reduce the volume of logging. Or, if that's a stupid idea, please explain why. Thanks.
If you don't want to log something, then just drop the packets without logging: just make sure that the rule that drops the packets comes before the rule that logs them. With iptables the chains are traversed from top to bottom until a match is found. The first match usually terminates the traversal of the chain, so when the last rule in a chain has a LOG target it won't log the packets that were dropped earlier in the chain.
Another way is to use rate limits. If, for instance, you don't want to be flooded by broadcasts on tcp port 137 but you still want to know if they hit you from time to time, use
This is just for the record: a log entry every ten seconds is nothing. If that makes your logs grow too big, then you should seriously reconsider your logrotate.conf.
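As an added example (not code from the thread or its posters), a small POSIX shell check for the ordering point in the answer above: given an iptables-save style dump, it confirms that the quiet DROP for the poster's noisy flow (source port 1919 to destination port 5000) sits above the catch-all LOG rule in INPUT. Both dumps are constructed samples; the udp/137 pair in the good dump also shows the rate-limited LOG followed by a DROP.

```sh
#!/bin/sh
# Added example, not from the thread: verify that the silent DROP for the noisy
# flow (sport 1919 -> dport 5000) comes before the catch-all LOG in INPUT.
# LOG is a non-terminating target, so a DROP placed below it suppresses nothing.

# Constructed iptables-save style dump, good order: limited LOG for NetBIOS
# broadcasts, their DROP, the quiet DROP for the noisy box, catch-all LOG last.
GOOD_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -m limit --limit 3/min --limit-burst 5 -j LOG --log-prefix "NETBIOS: "
-A INPUT -p udp -m udp --dport 137 -j DROP
-A INPUT -p tcp -m tcp --sport 1919 --dport 5000 -j DROP
-A INPUT -j LOG --log-prefix "INPUT drop: "
COMMIT'

# Constructed bad order: the quiet DROP sits below the LOG, so every hit is
# still written to the log before it is dropped.
BAD_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -j LOG --log-prefix "INPUT drop: "
-A INPUT -p tcp -m tcp --sport 1919 --dport 5000 -j DROP
COMMIT'

# rule_pos DUMP PATTERN: 1-based position of the first INPUT rule matching
# PATTERN (a grep basic regex), or 0 when no rule matches.
rule_pos() {
    n=$(printf '%s\n' "$1" | grep '^-A INPUT' | grep -n -- "$2" | head -n 1 | cut -d: -f1)
    printf '%s\n' "${n:-0}"
}

# drop_before_log DUMP: exit 0 when the quiet DROP for the noisy flow precedes
# the catch-all LOG (or there is no catch-all LOG at all), exit 1 otherwise.
drop_before_log() {
    drop=$(rule_pos "$1" '--sport 1919 --dport 5000 -j DROP')
    log=$(rule_pos "$1" '^-A INPUT -j LOG')
    [ "$drop" -gt 0 ] || return 1   # no quiet DROP: hits fall through to the LOG
    [ "$log" -eq 0 ] || [ "$drop" -lt "$log" ]
}

# Stand-alone demo; on a live box (as root) use: drop_before_log "$(iptables-save)"
if drop_before_log "$GOOD_RULES"; then echo "GOOD_RULES: drop precedes log"; fi
if ! drop_before_log "$BAD_RULES"; then echo "BAD_RULES: log precedes drop"; fi
```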
It's not that my logs are too big, it's that my computer is online 24/7 and it seems pointless to keep logging this one noisy Windows box on my subnet that is of no interest to me.