On an ALIX LEAF 5.1.1 shorewall.log just keeps increasing in size each
day. Anyone notice this or know the solution.
Victor
--
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted t
Hello,
I need to place this in /etc/default/local.start to make the title/body lineup
properly:
sed -i 's/Shorewall:--;$/Shorewall:--; s-kernel: --; s-\\[.*\\] --;/'
/var/webconf/www/logfiles.cgi
Cheers!
Kwon
--
Live Se
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jim Ford wrote:
> Any tips regarding spotting genuine attacks on a Bering UClib box, rather
> than 'noise'? Are there any 'dead giveaway' ports or IP addresses?
>
> Jim Ford
Jim,
That's hard to answer because the pattern changes over time. What I
Any tips regarding spotting genuine attacks on a Bering UClib box, rather
than 'noise'? Are there any 'dead giveaway' ports or IP addresses?
Jim Ford
---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problem
clue on an interesting problem.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
You should check if the environment variable PATH inside that cron-job
is exactly the same like it is, when you issue your command directly.
cron always has its own PATH-variable set for security r
G'day folks. Happy New Year.
I am hoping someone is still out there that might be able to give me a
clue on an interesting problem.
I have these scripts in my cron.daily directory:
-rwxr-xr-x1 root root 3552 Jan 13 10:36 multicron-d
-rwxr-xr-x1 root root 169 J
Stirling Westrup wrote:
Now machine .17 is a windows box and the tunnel application its running is
proprietary, so there's not a lot of configuring I can do there. This means
I'm stuck with this perverse situation. How should I configure my firewall to
cope?
http://shorewall.net/Multiple_Zones.
On 5 Jul 2004 at 8:29, Ronny Aasen wrote:
> On Sat, 2004-07-03 at 05:15, Stirling Westrup wrote:
> > I understand most of the log messages I see from Shorewall, but I keep
> > getting a bunch of this form:
> >
> > Dec 31 19:00:00 creaky Shorewall:all2all:REJECT: IN= OUT=eth1 MAC=
> > SRC=192.168
On Sat, 2004-07-03 at 05:15, Stirling Westrup wrote:
> I understand most of the log messages I see from Shorewall, but I keep
> getting a bunch of this form:
>
> Dec 31 19:00:00 creaky Shorewall:all2all:REJECT: IN= OUT=eth1 MAC=
> SRC=192.168.1.254 DST=192.168.1.17 LEN=241 TOS=00 PREC=0x00 TTL=6
I understand most of the log messages I see from Shorewall, but I keep
getting a bunch of this form:
Dec 31 19:00:00 creaky Shorewall:all2all:REJECT: IN= OUT=eth1 MAC=
SRC=192.168.1.254 DST=192.168.1.17 LEN=241 TOS=00 PREC=0x00 TTL=64 ID=10067
PROTO=ICMP TYPE=5 CODE=1 GATEWAY=192.168.1.17
My q
On Wednesday 17 March 2004 07:11 am, Tom Eastep wrote:
>
> When I find the time, I'll clone that description in the shorewall.conf
> documentation.
>
See http://shorewall.net/Documentation.htm#Conf
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ htt
On Tuesday 16 March 2004 08:48 pm, David Pitts wrote:
>
> Is there any way to have Shorewall do that itself? I don't really
> understand what Lograte and Logburst in Shorewall.conf do.
>
There is a simple explanation of log rate limiting in the Shorewall
Documentation for the rules file
(http:
Hi folks. Easy question for you!
I am running Bering uClib latest version with HSorewall 1.4.9 and I
would like to reduce the huge number of entries in my logs that seem
repetitive and contain no new information. It makes them hard to read.
I would like to be able to parse my logs and modify my
On Saturday 20 December 2003 05:44 pm, Kory Krofft wrote:
> I think I need to add
> DROPnet fw icmp8
> to my rules file just to keep from logging the entries and filling up
> my logs. Correct?
Yes, as recommended at http://www.shorewall.net/ping.html
-Tom
A little confirmation please. I am getting hundreds of the following
sequences in my shorewall logs:
DST=24.210.193.152 LEN=92 TOS=00 PREC=0x00 TTL=112 ID=36907
PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=36509
Dec 20 20:41:33 markii Shorewall:net2all:DROP: IN=eth0 OUT=
MAC=00:a0:c9:9c:a7:a7:00:05:74:f1:f
On Sat, 29 Mar 2003 [EMAIL PROTECTED] wrote:
> Port 445 is Win2K's backup for the smb related netbios ports
> 135;137 & 139.
>
> If eth0 is your internet attached interface someone is probably trying to
> get some netbios related info from your machine & the firewall is blocking
> it as it should
Original Message --
>To: Phil Faris <[EMAIL PROTECTED]>,[EMAIL PROTECTED]
>From: Ray Olszewski <[EMAIL PROTECTED]>
>Subject: Re: [leaf-user] Shorewall log
>Date: Sat, 29 Mar 2003 10:14:28 -0800
>
>
>At 09:08 AM 3/29/2003 -0800, Phil Faris wrote:
>>Can anyone te
At 09:08 AM 3/29/2003 -0800, Phil Faris wrote:
Can anyone tell me what this Shorewall log entry means? I get about fifty
to sixty hits like this every day.
Mar 29 16:12:57 Gateway Shorewall:net2all:DROP: IN=eth0 OUT=
MAC=00:20:af:38:31:c5:00:10:67:00:b5:6b:08:00 SRC=64.214.177.149
DST=209.233
Phil Faris <[EMAIL PROTECTED]> schrieb:
>Can anyone tell me what this Shorewall log entry means? I get about
>fifty
>to sixty hits like this every day.
>
>Mar 29 16:12:57 Gateway Shorewall:net2all:DROP: IN=eth0 OUT=
>MAC=00:20:af:38:31:c5:00:10:67:00:b5:6b:08:00 SRC=64.214.177.149
>DST=209.23
me if I've led you astray...
Regards
Nick
> -Original Message-
> From: Phil Faris [mailto:[EMAIL PROTECTED]
> Sent: 29 March 2003 17:08
> To: [EMAIL PROTECTED]
> Subject: [leaf-user] Shorewall log
>
>
> Can anyone tell me what this Shorewall log entry means?
Can anyone tell me what this Shorewall log entry means? I get about fifty
to sixty hits like this every day.
Mar 29 16:12:57 Gateway Shorewall:net2all:DROP: IN=eth0 OUT=
MAC=00:20:af:38:31:c5:00:10:67:00:b5:6b:08:00 SRC=64.214.177.149
DST=209.233.16.123 LEN=48 TOS=00 PREC=0x00 TTL=111 ID=2828
21 matches
Mail list logo
