[opensuse] unexplained halt to firewall logging
My firewall logging stopped last night and I do not know why. Can someone offer suggestions as how to solve this? Below are the last few lines of /var/log/firewall: IN=eth0 OUT= MAC=70:71:bc:e9:03:c0:00:04:5a:55:39:c8:08:00 SRC=192.168.1.3 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60382 DF PROTO=TCP SPT=861 DPT=58412 WINDOW=4380 RES=0x00 SYN URGP=0 OPT (020405B40402080A1EE825A00000000001030307) Oct 19 20:49:55 Crash kernel: [972587.709723] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=70:71:bc:e9:03:c0:00:04:5a:55:39:c8:08:00 SRC=192.168.1.3 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=62489 DF PROTO=TCP SPT=950 DPT=58412 WINDOW=4380 RES=0x00 SYN URGP=0 OPT (020405B40402080A1F54AAD10000000001030307) Oct 19 20:49:58 Crash kernel: [972590.710922] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=70:71:bc:e9:03:c0:00:04:5a:55:39:c8:08:00 SRC=192.168.1.3 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=62490 DF PROTO=TCP SPT=950 DPT=58412 WINDOW=4380 RES=0x00 SYN URGP=0 OPT (020405B40402080A1F54ADC00000000001030307) Oct 19 20:50:04 Crash kernel: [972596.727250] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=70:71:bc:e9:03:c0:00:04:5a:55:39:c8:08:00 SRC=192.168.1.3 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=62491 DF PROTO=TCP SPT=950 DPT=58412 WINDOW=4380 RES=0x00 SYN URGP=0 OPT (020405B40402080A1F54B3A00000000001030307) Oct 19 20:50:16 Crash kernel: [972608.759836] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=70:71:bc:e9:03:c0:00:04:5a:55:39:c8:08:00 SRC=192.168.1.3 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=62492 DF PROTO=TCP SPT=950 DPT=58412 WINDOW=4380 RES=0x00 SYN URGP=0 OPT (020405B40402080A1F54BF600000000001030307) Oct 19 20:50:40 Crash kernel: [972632.825001] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=70:71:bc:e9:03:c0:00:04:5a:55:39:c8:08:00 SRC=192.168.1.3 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=62493 DF PROTO=TCP SPT=950 DPT=58412 WINDOW=4380 RES=0x00 SYN URGP=0 OPT (020405B40402080A1F54D6E00000000001030307) -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 21 Oct 2011 05:55:10 Patrick Shanahan wrote:
My firewall logging stopped last night and I do not know why. Can someone offer suggestions as how to solve this?
Did anything else stop logging at the same time? (e.g. what is the time of the last line in /var/log/messages or /var/log/mail?) Is syslog still running (as root, run "rcsyslog status")? I only ask this because I got caught with syslog failing to run due to incompatibilities in config file formats after updating from 11.2 ->11.4. It's one of those things that you don't notice have stopped until you need a log file and then realise it isn't there... :-) -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au =================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Rodney Baker <rodney.baker@iinet.net.au> [10-20-11 22:29]:
On Fri, 21 Oct 2011 05:55:10 Patrick Shanahan wrote:
My firewall logging stopped last night and I do not know why. Can someone offer suggestions as how to solve this?
Did anything else stop logging at the same time? (e.g. what is the time of the last line in /var/log/messages or /var/log/mail?)
no, everything in /var/log appears to be updating as expected except firewall.
Is syslog still running (as root, run "rcsyslog status")?
yes and I restarted it just in case. Hasn't made any difference.
I only ask this because I got caught with syslog failing to run due to incompatibilities in config file formats after updating from 11.2 ->11.4. It's one of those things that you don't notice have stopped until you need a log file and then realise it isn't there...
Usually the case :^) tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Patrick Shanahan <paka@opensuse.org> [10-20-11 22:42]:
* Rodney Baker <rodney.baker@iinet.net.au> [10-20-11 22:29]:
On Fri, 21 Oct 2011 05:55:10 Patrick Shanahan wrote:
My firewall logging stopped last night and I do not know why. Can someone offer suggestions as how to solve this?
Did anything else stop logging at the same time? (e.g. what is the time of the last line in /var/log/messages or /var/log/mail?)
no, everything in /var/log appears to be updating as expected except firewall.
Is syslog still running (as root, run "rcsyslog status")?
yes and I restarted it just in case. Hasn't made any difference.
I only ask this because I got caught with syslog failing to run due to incompatibilities in config file formats after updating from 11.2 ->11.4. It's one of those things that you don't notice have stopped until you need a log file and then realise it isn't there...
Usually the case :^)
kernel upgrade, 3.0.7-45, and system reboot; firewall logging is back but halt still unexplained :^( x86_64 11.4 -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (2)
-
Patrick Shanahan -
Rodney Baker