RE: [newbie] Firewall logs getting too big
Hey Harm,

As it is an old machine I hope you have a backup. It could be your disk is also on the way out if it is making such a racket. Although I admit I also have polling every 3 seconds from edonkey 4662 port. It is a real bind.

Peter

--
[EMAIL PROTECTED]
FR Mobile: +33 (0)6 0874 8707 (preferred)
UK Mobile: +44 (0)7960 160 173
Msg service: voice: +44 (0)7050 685 985 fax__: +44 (0)7050 685 986
Oracle Architect
Latest CV http://www.lomax.cc/users/peter/business_section.htm

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of H.J.Bathoorn
Sent: 13 March 2003 00:53
To: [EMAIL PROTECTED]
Subject: Re: [newbie] Firewall logs getting too big

On Tuesday 11 March 2003 13:34, mycal62 wrote:
> this is what that port does :
>
> efs     520/tcp  extended file name server
> router  520/udp  local routing process (on site);
> #                uses variant of Xerox NS routing
> #                information protocol - RIP
>
> here's a handy reference to all ports and their use :
> http://www.iana.org/assignments/port-numbers
>
> Mike

I've been there, though I must admit I'm not sure what exactly is meant by (on site).

My problem is how to get rid of all these log entries. Reading the logs isn't the real problem 'cause filtering out port 520 using grep -v works quite well. When the (400Mb) HD gets to 100% full everything gets quiet but then I don't get anymore logs.

Like I said all this logging activity makes a lot of noise as well. My firewall is an old P133 with smoothwall on it. All the fans have been removed leaving only the HD that physically moves/makes noise and I've even packed that in isolation foam. Especially early mornings, when I feel lucky if I find the coffee machine without falling down the cellar-stairs first, I tend to get nerved by the clicketyclicking. Frankly, those are the really serious mornings 'cause we don't even have a cellar here being below sea-level:o(

I would like to block these scans from my ISP but like I said I'm not sure what the consequences might be. These boxes are up 24/24 and I'm away quite often i.e. don't have physical access so I have to be 100% sure of what I'm doing. Not logging these scans was a sort of compromise (with maybe a slight risk) from my point of view but I don't know how to do that.

Good hunting,
HarM

Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Firewall logs getting too big
On Tuesday 11 March 2003 13:34, mycal62 wrote:
> this is what that port does :
>
> efs     520/tcp  extended file name server
> router  520/udp  local routing process (on site);
> #                uses variant of Xerox NS routing
> #                information protocol - RIP
>
> here's a handy reference to all ports and their use :
> http://www.iana.org/assignments/port-numbers
>
> Mike

I've been there, though I must admit I'm not sure what exactly is meant by (on site).

My problem is how to get rid of all these log entries. Reading the logs isn't the real problem 'cause filtering out port 520 using grep -v works quite well. When the (400Mb) HD gets to 100% full everything gets quiet but then I don't get anymore logs.

Like I said all this logging activity makes a lot of noise as well. My firewall is an old P133 with smoothwall on it. All the fans have been removed leaving only the HD that physically moves/makes noise and I've even packed that in isolation foam. Especially early mornings, when I feel lucky if I find the coffee machine without falling down the cellar-stairs first, I tend to get nerved by the clicketyclicking. Frankly, those are the really serious mornings 'cause we don't even have a cellar here being below sea-level:o(

I would like to block these scans from my ISP but like I said I'm not sure what the consequences might be. These boxes are up 24/24 and I'm away quite often i.e. don't have physical access so I have to be 100% sure of what I'm doing. Not logging these scans was a sort of compromise (with maybe a slight risk) from my point of view but I don't know how to do that.

Good hunting,
HarM
Re: [newbie] Firewall logs getting too big
On Tuesday 11 Mar 2003 11:18 pm, H.J.Bathoorn wrote:
> Hello all,
>
> Going through my firewall logs tends to get tedious i.e. the logfiles too big because of the recurring nameserver scans by my IP on port 520. Not only that but this permanent logging causes constant disk activity and thus noise!:o(
>
> Anybody got any simple pointers how to put a stop to this? I suppose I could just block all these probes I'm just not sure what effect that'll have though. Just not having these probes being logged would suffice methinks. Well at least it'll save the trouble of clearing out the HD every month and reduce the noise.

For any rule you do not want logged make sure that the rule does not state 'info'

> TIA,
> HarM

If you are using shorewall then you can edit /etc/shorewall/policy and remove 'info' from the logging policy. Then restart shorewall.

Another thing you could do is run fwlogwatch to go through your logs for you and send you a weekly condensed email. You can find it on your CDs

derek

--
www.jennings.homelinux.net
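The condensing idea behind the fwlogwatch suggestion, combined with the `grep -v` filtering mentioned earlier in the thread, as an added example that is not part of any poster's message and is not fwlogwatch itself: a shell/awk sketch that tallies netfilter LOG lines per protocol and destination port. The log lines, the host name `fw` and the addresses are constructed, and `sample_log`, `summarize` and `noise_share` are names made up for this example.

```shell
#!/bin/sh
# Tally netfilter LOG lines per protocol/destination port, busiest first.
# PROTO=, DPT= and SRC= are the field names the kernel LOG target writes.

# Constructed sample lines (documentation addresses, hypothetical host "fw").
sample_log() {
cat <<'EOF'
Mar 11 06:00:01 fw kernel: IN=eth1 OUT= SRC=192.0.2.1 DST=255.255.255.255 LEN=52 TTL=64 PROTO=UDP SPT=520 DPT=520 LEN=32
Mar 11 06:00:31 fw kernel: IN=eth1 OUT= SRC=192.0.2.1 DST=255.255.255.255 LEN=52 TTL=64 PROTO=UDP SPT=520 DPT=520 LEN=32
Mar 11 06:01:01 fw kernel: IN=eth1 OUT= SRC=192.0.2.1 DST=255.255.255.255 LEN=52 TTL=64 PROTO=UDP SPT=520 DPT=520 LEN=32
Mar 11 06:01:03 fw kernel: IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=48 TTL=112 PROTO=TCP SPT=3021 DPT=4662 SYN
Mar 11 06:01:31 fw kernel: IN=eth1 OUT= SRC=192.0.2.1 DST=255.255.255.255 LEN=52 TTL=64 PROTO=UDP SPT=520 DPT=520 LEN=32
Mar 11 06:02:01 fw kernel: IN=eth1 OUT= SRC=192.0.2.1 DST=255.255.255.255 LEN=52 TTL=64 PROTO=UDP SPT=520 DPT=520 LEN=32
Mar 11 06:02:04 fw kernel: IN=eth1 OUT= SRC=198.51.100.9 DST=203.0.113.5 LEN=48 TTL=110 PROTO=TCP SPT=1188 DPT=4662 SYN
Mar 11 06:02:31 fw kernel: IN=eth1 OUT= SRC=192.0.2.1 DST=255.255.255.255 LEN=52 TTL=64 PROTO=UDP SPT=520 DPT=520 LEN=32
EOF
}

# summarize: log lines on stdin -> "count proto/port distinct-sources" rows.
summarize() {
  awk '
    {
      proto = ""; dpt = ""; src = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        else if ($i ~ /^SRC=/) src = substr($i, 5)
      }
      if (proto == "" || dpt == "") next   # no port field (e.g. ICMP, non-packet line)
      key = tolower(proto) "/" dpt
      count[key]++
      if (!((key, src) in seen)) { seen[key, src] = 1; sources[key]++ }
    }
    END { for (k in count) printf "%d %s %d\n", count[k], k, sources[k] }
  ' | sort -k1,1nr -k2,2
}

# noise_share KEY: whole-number percentage of logged packets matching KEY.
noise_share() {
  summarize | awk -v key="$1" '
    { total += $1; if ($2 == key) hit = $1 }
    END { if (total) printf "%d\n", hit * 100 / total; else print 0 }'
}

# Stand-alone run: print the condensed table for the constructed sample.
sample_log | summarize
```

Feeding the real firewall log to `summarize` on stdin shows how much of it is udp/520 and from how many sources, which is the figure to look at before switching logging off for that traffic.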
Re: [newbie] Firewall logs getting too big
this is what that port does :

efs     520/tcp  extended file name server
router  520/udp  local routing process (on site);
#                uses variant of Xerox NS routing
#                information protocol - RIP

here's a handy reference to all ports and their use :
http://www.iana.org/assignments/port-numbers

Mike

H.J.Bathoorn wrote:
> Hello all,
>
> Going through my firewall logs tends to get tedious i.e. the logfiles too big because of the recurring nameserver scans by my IP on port 520. Not only that but this permanent logging causes constant disk activity and thus noise!:o(
>
> Anybody got any simple pointers how to put a stop to this? I suppose I could just block all these probes I'm just not sure what effect that'll have though. Just not having these probes being logged would suffice methinks. Well at least it'll save the trouble of clearing out the HD every month and reduce the noise.
>
> TIA,
> HarM