I looked at my firewall's /var/log/messages log and it's about 8mb and climbing 10K about every 1 minute. I looked at it and noticed almost all lines relate to SuSE-FW-DROP-DEFAULT which are caused by other computers sniffing around. How can I reduce these so that those lines are not included? I imagine this would reduce my files and reduce my processor work.????

Thanks, Tom

--
Tom Nielsen
Neuro Logic Systems
805.389.5435 x18
www.neuro-logic.com

On Wednesday 26 November 2003 18:16, Tom Nielsen wrote:
> I looked at my firewall's /var/log/messages log and it's about 8mb and climbing 10K about every 1 minute. I looked at it and noticed almost all lines relate to SuSE-FW-DROP-DEFAULT which are caused by other computers sniffing around.
> How can I reduce these so that those lines are not included? I imagine this would reduce my files and reduce my processor work.????
> Thanks, Tom

Check your settings for logging on firewall2.

--
Bruce S. Marshall  bmarsh@bmarsh.com  Bellaire, MI  11/26/03 18:20
"It is better to wear out than to rust out."

On Wed, 2003-11-26 at 15:20, Bruce Marshall wrote:
> On Wednesday 26 November 2003 18:16, Tom Nielsen wrote:
>> I looked at my firewall's /var/log/messages log and it's about 8mb and climbing 10K about every 1 minute. I looked at it and noticed almost all lines relate to SuSE-FW-DROP-DEFAULT which are caused by other computers sniffing around.
>> How can I reduce these so that those lines are not included? I imagine this would reduce my files and reduce my processor work.????
>> Thanks, Tom
>
> Check your settings for logging on firewall2.

Using SuSE 8.2 on the firewall. I still couldn't find anything relating to logging. Sorry.

Tom

--
Tom Nielsen
Neuro Logic Systems
805.389.5435 x18
www.neuro-logic.com

On Wednesday 26 November 2003 18:27, Tom Nielsen wrote:
> On Wed, 2003-11-26 at 15:20, Bruce Marshall wrote:
>> On Wednesday 26 November 2003 18:16, Tom Nielsen wrote:
>>> I looked at my firewall's /var/log/messages log and it's about 8mb and climbing 10K about every 1 minute. I looked at it and noticed almost all lines relate to SuSE-FW-DROP-DEFAULT which are caused by other computers sniffing around.
>>> How can I reduce these so that those lines are not included? I imagine this would reduce my files and reduce my processor work.????
>>> Thanks, Tom
>>
>> Check your settings for logging on firewall2.
>
> Using SuSE 8.2 on the firewall. I still couldn't find anything relating to logging. Sorry.
>
> Tom

Well it took me all of two minutes to go into YAST and find that the setup for the firewall has (step 4 of 4) which deals with logging. And I don't even use SuSEfirewall2.

--
Bruce S. Marshall  bmarsh@bmarsh.com  Bellaire, MI  11/26/03 18:46
"If one synchronized swimmer drowns, do the rest have to drown too?"

On Wed, 2003-11-26 at 15:47, Bruce Marshall wrote:
> On Wednesday 26 November 2003 18:27, Tom Nielsen wrote:
>> On Wed, 2003-11-26 at 15:20, Bruce Marshall wrote:
>>> On Wednesday 26 November 2003 18:16, Tom Nielsen wrote:
>>>> I looked at my firewall's /var/log/messages log and it's about 8mb and climbing 10K about every 1 minute. I looked at it and noticed almost all lines relate to SuSE-FW-DROP-DEFAULT which are caused by other computers sniffing around.
>>>> How can I reduce these so that those lines are not included? I imagine this would reduce my files and reduce my processor work.????
>>>> Thanks, Tom
>>>
>>> Check your settings for logging on firewall2.
>>
>> Using SuSE 8.2 on the firewall. I still couldn't find anything relating to logging. Sorry.
>>
>> Tom
>
> Well it took me all of two minutes to go into YAST and find that the setup for the firewall has (step 4 of 4) which deals with logging.
>
> And I don't even use SuSEfirewall2.

Whoa! A little lag on this email. I didn't use yast, but just looked in the susefirewall2 config file. I agree, it took me a couple minutes but I found it. I was missing the "log" part. Duh!

Thanks, Tom

--
Tom Nielsen
Neuro Logic Systems
805.389.5435 x18
www.neuro-logic.com

On Wed, 2003-11-26 at 15:20, Bruce Marshall wrote:
> On Wednesday 26 November 2003 18:16, Tom Nielsen wrote:
>> I looked at my firewall's /var/log/messages log and it's about 8mb and climbing 10K about every 1 minute. I looked at it and noticed almost all lines relate to SuSE-FW-DROP-DEFAULT which are caused by other computers sniffing around.
>> How can I reduce these so that those lines are not included? I imagine this would reduce my files and reduce my processor work.????
>> Thanks, Tom
>
> Check your settings for logging on firewall2.

My last email sounded stupid. Let me check.

T

--
Tom Nielsen
Neuro Logic Systems
805.389.5435 x18
www.neuro-logic.com

Thanks, Bruce - I noticed something say log_drop...said, no...looks like that's it. Thanks

On Wed, 2003-11-26 at 15:20, Bruce Marshall wrote:
> On Wednesday 26 November 2003 18:16, Tom Nielsen wrote:
>> I looked at my firewall's /var/log/messages log and it's about 8mb and climbing 10K about every 1 minute. I looked at it and noticed almost all lines relate to SuSE-FW-DROP-DEFAULT which are caused by other computers sniffing around.
>> How can I reduce these so that those lines are not included? I imagine this would reduce my files and reduce my processor work.????
>> Thanks, Tom
>
> Check your settings for logging on firewall2.
>
> --
> Bruce S. Marshall  bmarsh@bmarsh.com  Bellaire, MI  11/26/03 18:20
> "It is better to wear out than to rust out."

--
Tom Nielsen
Neuro Logic Systems
805.389.5435 x18
www.neuro-logic.com

The Wednesday 2003-11-26 at 15:16 -0800, Tom Nielsen wrote:
> I looked at my firewall's /var/log/messages log and it's about 8mb and climbing 10K about every 1 minute. I looked at it and noticed almost all lines relate to SuSE-FW-DROP-DEFAULT which are caused by other computers sniffing around.

Aside from what you have already been told, you can configure what goes to /var/log/messages, in /etc/syslog.conf. The default is:

    *.*;mail.none;news.none          -/var/log/messages

meaning everything except mail and news logs. I changed it to:

    *.*;kern.none;mail.none;news.none;\
        local0,local1,local2,local3,\
        local4,local5,local6,local7.none;    -/var/log/messages

This removes, mainly, kernel messages (firewall included). Then I add:

    kern.*                           -/var/log/kernel

Or comment it out, depends on you - it can be huge sometimes; the firewall entries will go to '/var/log/warn' anyways.

    local0,local1.*                  -/var/log/localmessages
    local2,local3.*                  -/var/log/localmessages
    local4,local5.*                  -/var/log/localmessages
    local6,local7.*                  -/var/log/localmessages

Of course, then I have to configure logrotate to take care of new log files; but the result is a smaller '/var/log/messages' file.

More info in man syslog.conf(5)

--
Cheers, Carlos Robinson

I should probably integrate this with /etc/sysconfig/scripts/SuSEfirewall2-custom, but I use the following to discard some of the uninteresting traffic prior to SuSEfirewall2 logging:

    #!/bin/sh -x
    iptables -F msrpc
    iptables -N msrpc
    iptables -A msrpc -p tcp -m tcp --dport 135 -j DROP
    iptables -A msrpc -p tcp -m tcp --dport 136 -j DROP
    iptables -A msrpc -p tcp -m tcp --dport 137 -j DROP
    iptables -A msrpc -p tcp -m tcp --dport 138 -j DROP
    iptables -A msrpc -p tcp -m tcp --dport 139 -j DROP
    iptables -A msrpc -p tcp -m tcp --dport 445 -j DROP
    iptables -A msrpc -p tcp -m tcp --dport 593 -j DROP
    iptables -I INPUT -i eth0 -j msrpc
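
Added example, not part of the original thread: before turning off drop logging or adding pre-log DROP rules as in the messages above, it helps to measure what the SuSE-FW-DROP-DEFAULT lines actually contain. This sketch tallies them by protocol and destination port; the log lines are constructed samples and the function names are made up for the example.

```shell
#!/bin/sh
# Added example: summarise SuSE-FW-DROP-DEFAULT entries in a syslog file.

# Constructed sample lines in the kernel iptables LOG format (documentation addresses).
make_sample_log() {
    cat > "$1" <<'EOF'
Nov 26 15:10:01 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 TTL=113 PROTO=TCP SPT=3456 DPT=135 SYN
Nov 26 15:10:02 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 TTL=110 PROTO=TCP SPT=4001 DPT=135 SYN
Nov 26 15:10:03 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 TTL=109 PROTO=UDP SPT=137 DPT=137 LEN=58
Nov 26 15:10:04 fw sshd[812]: Accepted publickey for admin from 192.0.2.77 port 40122 ssh2
Nov 26 15:10:05 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=192.0.2.13 DST=198.51.100.5 TTL=112 PROTO=TCP SPT=2210 DPT=445 SYN
Nov 26 15:10:06 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 TTL=113 PROTO=TCP SPT=3999 DPT=135 SYN
Nov 26 15:10:07 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=192.0.2.14 DST=198.51.100.5 TTL=108 PROTO=UDP SPT=1028 DPT=137 LEN=58
Nov 26 15:10:08 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=192.0.2.15 DST=198.51.100.5 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Nov 26 15:10:09 fw /USR/SBIN/CRON[901]: (root) CMD (run-parts /etc/cron.hourly)
Nov 26 15:10:10 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=192.0.2.16 DST=198.51.100.5 TTL=107 PROTO=UDP SPT=138 DPT=138 LEN=209
EOF
}

# Print "count PROTO/DPT" lines, most frequent first ("-" when there is no port, e.g. ICMP).
fw_drop_summary() {
    awk '/SuSE-FW-DROP-DEFAULT/ {
        proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (proto != "") n[proto "/" dpt]++
    }
    END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2,2
}

# Print the integer percentage of lines in the file that are firewall drops.
fw_drop_share() {
    awk '/SuSE-FW-DROP-DEFAULT/ { d++ }
         END { if (NR) printf "%d\n", d * 100 / NR; else print 0 }' "$1"
}

# Run against the constructed sample; point the functions at /var/log/messages instead.
log=$(mktemp) && make_sample_log "$log"
echo "firewall drops: $(fw_drop_share "$log")% of lines"
fw_drop_summary "$log"
rm -f "$log"
```

The per-protocol breakdown shows whether a given pre-log rule would match the traffic that is filling the log, since an iptables rule written with `-p tcp` does not match UDP packets to the same port.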

participants (4)
- Bruce Marshall
- Carlos E. R.
- Gary Gapinski
- Tom Nielsen