kernel logging network traffic
Dag Wieers
dag at wieers.com
Mon Feb 20 06:41:26 UTC 2006
On Sun, 19 Feb 2006, Chris Hare wrote:
> I am seeing messages such as these in /var/log/messages
>
> Feb 19 23:38:06 radio kernel: Inbound IN=eth0 OUT= MAC=00:20:ed:17:25:3d:00:11:11:2b:ad:cc:08:00 SRC=192.168.1.20 DST=192.168.1.21 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=7875 DF PROTO=TCP SPT=3221 DPT=1984 WINDOW=65535 RES=0x00 SYN URGP=0
>
> Not sure what I did to turn this on, but I would really like to disable it .....
>
> Any ideas where it is coming from and how to stop it?
Check man iptables and search for LOG

   LOG
       Turn on kernel logging of matching packets. When this option is
       set for a rule, the Linux kernel will print some information on
       all matching packets (like most IP header fields) via the kernel
       log (where it can be read with dmesg or syslogd(8)). This is a
       "non-terminating target", i.e. rule traversal continues at the
       next rule. So if you want to LOG the packets you refuse, use two
       separate rules with the same matching criteria, first using target
       LOG then DROP (or REJECT).

       --log-level level
              Level of logging (numeric or see syslog.conf(5)).

       --log-prefix prefix
              Prefix log messages with the specified prefix; up to 29
              letters long, and useful for distinguishing messages in the
              logs.

       --log-tcp-sequence
              Log TCP sequence numbers. This is a security risk if the log
              is readable by users.

       --log-tcp-options
              Log options from the TCP packet header.

       --log-ip-options
              Log options from the IP packet header.

Kind regards,
-- dag wieers, dag at wieers.com, http://dag.wieers.com/ --
[all I want is a warm bed and a kind word and unlimited power]
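
Added example, not part of the original message: a dry-run shell helper that scans iptables-save output for LOG rules whose --log-prefix starts with the text seen in the log (here "Inbound") and prints the matching delete command without running it. The ruleset in sample_ruleset is constructed for illustration, and both function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the poster's host).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -j LOG --log-prefix NAT-in
COMMIT
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j LOG --log-prefix "Inbound " --log-level 4
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -o eth0 -j LOG --log-prefix "Outbound "
COMMIT
EOF
}

# find_log_rules PREFIX  (stdin: iptables-save output)
# Prints one "iptables -t TABLE -D ..." line per LOG rule whose
# --log-prefix begins with PREFIX. Nothing is executed or changed.
find_log_rules() {
    awk -v want="$1" '
        /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table
        /^-A / && ($0 " ") ~ / -j LOG / {
            prefix = ""
            # The prefix is quoted when it contains spaces, bare otherwise.
            if (match($0, /--log-prefix "[^"]*"/))
                prefix = substr($0, RSTART + 14, RLENGTH - 15)
            else if (match($0, /--log-prefix [^ ]+/))
                prefix = substr($0, RSTART + 13, RLENGTH - 13)
            if (index(prefix, want) == 1) {
                rule = $0
                sub(/^-A /, "-D ", rule)        # same rule spec, delete form
                print "iptables -t " table " " rule
            }
        }
    '
}

# Demo on the constructed ruleset.
sample_ruleset | find_log_rules "Inbound"
```

On a live host, pipe `iptables-save` into `find_log_rules` instead of the sample and review the printed line before running it. Because LOG is a non-terminating target, removing only that rule leaves any later ACCEPT, DROP or REJECT rules in effect.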