[sclug] Gumpf in logcheck

Andy Smith andy at lug.org.uk
Tue Jun 17 15:29:29 UTC 2008


Hi Tim,

On Tue, Jun 17, 2008 at 05:21:49PM +0200, Tim Sutton wrote:
> Every hour logcheck sends me an email report. For the most part I get
> stuff like this:
> 
> Jun 17 02:04:08 linfiniti kernel: IN=eth0 OUT=
> MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=64.246.48.73
> DST=89.127.144.227 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4954 DF
> PROTO=TCP SPT=1780 DPT=32000 WINDOW=65535 RES=0x00 SYN URGP=0

[...]

> 1) what do they mean (in plain English)?

The above is a packet hitting an iptables LOG rule.

> 2) if they are no cause for concern, how can I get rid of them?

Either adjust your iptables rules so as to not log things you don't care to
have logged, or else adjust your logcheck rules to not mail you
about them.

> I'm hoping to pare down the logcheck reports to include just things I
> should actually be concerned about....or maybe that's exactly what it's
> doing ....

Everybody's priorities are different and the logcheck maintainers
just have one view.  Almost everyone will need to add or remove
logcheck rules to their taste.

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
Encrypted mail welcome - keyid 0x604DE5DB
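
Added example, not part of the original message: a shell check of a candidate logcheck ignore rule against sample log lines before it is installed, so you can see what would still be mailed. The rule text, the file name local-iptables and the second and third log lines are assumptions constructed for illustration; the first log line is the entry quoted above, rejoined onto one line.

```shell
#!/bin/sh
# Constructed sample log. Line 1 is the entry from the post, rejoined onto one
# line; lines 2 and 3 are made up (documentation addresses) for contrast.
SAMPLE_LOG='Jun 17 02:04:08 linfiniti kernel: IN=eth0 OUT= MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=64.246.48.73 DST=89.127.144.227 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4954 DF PROTO=TCP SPT=1780 DPT=32000 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 17 02:10:41 linfiniti kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.7 LEN=78 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=4500 DPT=137 LEN=58
Jun 17 02:11:02 linfiniti sshd[4321]: Failed password for invalid user test from 192.0.2.10 port 40022 ssh2'

# Candidate rule (an assumption, not a rule shipped with logcheck): suppress
# only inbound bare TCP SYN packets logged on eth0. logcheck rules are
# extended regexes, one per line, and must match the whole syslog line.
# It would go in e.g. /etc/logcheck/ignore.d.server/local-iptables
# (file name hypothetical).
PREFIX='^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: '
ADDRS='IN=eth0 OUT= MAC=[0-9a-f:]+ SRC=[0-9.]+ DST=[0-9.]+ '
IPHDR='LEN=[0-9]+ TOS=0x[0-9A-F]+ PREC=0x[0-9A-F]+ TTL=[0-9]+ ID=[0-9]+ (DF )?'
# The kernel writes a trailing space after URGP=0; allow it to be present or not.
TCPSYN='PROTO=TCP SPT=[0-9]+ DPT=[0-9]+ WINDOW=[0-9]+ RES=0x[0-9a-f]+ SYN URGP=0 ?$'
RULE="${PREFIX}${ADDRS}${IPHDR}${TCPSYN}"

# Print the sample lines the rule does NOT suppress (what logcheck would mail).
still_reported() {
    printf '%s\n' "$SAMPLE_LOG" | grep -E -v -e "$1" || true
}

# Print how many sample lines the rule suppresses.
suppressed_count() {
    printf '%s\n' "$SAMPLE_LOG" | grep -E -c -e "$1" || true
}

echo "Suppressed lines: $(suppressed_count "$RULE")"
echo "Still reported:"
still_reported "$RULE"
```

Anything the rule matches never reaches the hourly mail, so keep it as narrow as the traffic you have decided not to care about.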