Title: Need help Interpreting firewall logs
Post by: jpgillivan on Friday 29 May 2009, 01:19:52 am

I need some advice on interpreting the firewall logs.
What does this really tell me, and what should I interpret from the log? On the second item I copied a very short list; the actual log is much, much longer. Is this typical?

First item, Summary log:

    Listed by source hosts:
    Dropped 25 packets on interface br0
    From 192.168.35.25 - 6 packets to key_udp(1947)
    From 192.168.35.36 - 1 packet to key_udp(138)
    From 192.168.35.72 - 1 packet to key_udp(138)
    From 192.168.35.73 - 3 packets to key_udp(137)

Second item, firewall log:

    Time             Chain         Iface  Proto    Source          Src port  MAC address        Destination      Dst port
    May 28 11:05:26  INPUT:DROP    lo     KEY_TCP  127.0.0.1       9999      :::::              127.0.0.1        49918
    May 28 11:05:29  INPUTFW:DROP  br0    KEY_UDP  192.168.35.79   64557     ff:ff:14:00:03:00  255.255.255.255  34447
    May 28 11:05:31  FORWARD:DROP  br0    KEY_UDP  192.168.35.79   55837     ff:ff:14:00:03:00  192.168.2.2      161
    May 28 11:05:33  INPUTFW:DROP  br0    KEY_UDP  192.168.35.79   64558     ff:ff:14:00:03:00  255.255.255.255  34447
    May 28 11:05:37  INPUT:DROP    eth1   KEY_TCP  24.95.68.234    2620      ff:ff:14:00:03:00  12.171.236.66    8010
    May 28 11:05:39  INPUTFW:DROP  br0    KEY_UDP  192.168.35.201  68        ff:ff:14:00:03:00  255.255.255.255  67
    May 28 11:05:40  INPUT:DROP    eth1   KEY_TCP  24.95.68.234    2620      ff:ff:14:00:03:00  12.171.236.66    8010
    May 28 11:05:45  INPUTFW:DROP  br0    KEY_UDP  192.168.35.7    68        ff:ff:14:00:03:00  255.255.255.255  67
    May 28 11:05:49  INPUT:DROP    lo     KEY_TCP  127.0.0.1       9999      :::::              127.0.0.1        39093
    May 28 11:05:53  INPUTFW:DROP  br0    KEY_UDP  192.168.35.79   64563     ff:ff:14:00:03:00  255.255.255.255  34447
    May 28 11:05:59  INPUTFW:DROP  br0    KEY_UDP  192.168.35.79   60141     ff:ff:14:00:03:00  255.255.255.255  34447
    May 28 11:06:03  INPUTFW:DROP  br0    KEY_UDP  192.168.35.79   60142     ff:ff:14:00:03:00  255.255.255.255  34447
    May 28 11:06:09  INPUTFW:DROP  br0    KEY_UDP  192.168.35.79   137       ff:ff:14:00:03:00  192.168.35.255   137
    May 28 11:06:10  FORWARD:DROP  br0    KEY_UDP  192.168.35.79   55837     ff:ff:14:00:03:00  192.168.2.2      161
    May 28 11:06:12  FORWARD:DROP  br0    KEY_UDP  192.168.35.79   55837     ff:ff:14:00:03:00  192.168.2.2      161
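The following is an added example, not code from the poster or from the firewall product. It parses the fifteen log lines quoted in the post into the same "listed by source hosts" view as the summary log, and then sorts each drop into a coarse triage bucket (loopback, LAN broadcast, blocked forward, inbound) so the routine noise can be separated from the few entries worth a second look. The port labels come from the standard IANA registrations (67 DHCP server, 137/138 NetBIOS, 161 SNMP); the bucket names and the `.255`-suffix broadcast heuristic are this example's own simplifications.

```python
"""Parse and summarize firewall DROP lines in the format shown in the post."""
from collections import Counter, defaultdict

# The log lines exactly as quoted in the post (real data from the question, not constructed).
LOG = """\
May 28 11:05:26 INPUT:DROP lo KEY_TCP 127.0.0.1 9999 ::::: 127.0.0.1 49918
May 28 11:05:29 INPUTFW:DROP br0 KEY_UDP 192.168.35.79 64557 ff:ff:14:00:03:00 255.255.255.255 34447
May 28 11:05:31 FORWARD:DROP br0 KEY_UDP 192.168.35.79 55837 ff:ff:14:00:03:00 192.168.2.2 161
May 28 11:05:33 INPUTFW:DROP br0 KEY_UDP 192.168.35.79 64558 ff:ff:14:00:03:00 255.255.255.255 34447
May 28 11:05:37 INPUT:DROP eth1 KEY_TCP 24.95.68.234 2620 ff:ff:14:00:03:00 12.171.236.66 8010
May 28 11:05:39 INPUTFW:DROP br0 KEY_UDP 192.168.35.201 68 ff:ff:14:00:03:00 255.255.255.255 67
May 28 11:05:40 INPUT:DROP eth1 KEY_TCP 24.95.68.234 2620 ff:ff:14:00:03:00 12.171.236.66 8010
May 28 11:05:45 INPUTFW:DROP br0 KEY_UDP 192.168.35.7 68 ff:ff:14:00:03:00 255.255.255.255 67
May 28 11:05:49 INPUT:DROP lo KEY_TCP 127.0.0.1 9999 ::::: 127.0.0.1 39093
May 28 11:05:53 INPUTFW:DROP br0 KEY_UDP 192.168.35.79 64563 ff:ff:14:00:03:00 255.255.255.255 34447
May 28 11:05:59 INPUTFW:DROP br0 KEY_UDP 192.168.35.79 60141 ff:ff:14:00:03:00 255.255.255.255 34447
May 28 11:06:03 INPUTFW:DROP br0 KEY_UDP 192.168.35.79 60142 ff:ff:14:00:03:00 255.255.255.255 34447
May 28 11:06:09 INPUTFW:DROP br0 KEY_UDP 192.168.35.79 137 ff:ff:14:00:03:00 192.168.35.255 137
May 28 11:06:10 FORWARD:DROP br0 KEY_UDP 192.168.35.79 55837 ff:ff:14:00:03:00 192.168.2.2 161
May 28 11:06:12 FORWARD:DROP br0 KEY_UDP 192.168.35.79 55837 ff:ff:14:00:03:00 192.168.2.2 161
"""

# IANA-registered meanings for the destination ports that appear above; others stay unlabelled.
WELL_KNOWN = {67: "dhcp-server", 137: "netbios-ns", 138: "netbios-dgm", 161: "snmp"}


def parse_line(line):
    """Split one log line into its eleven whitespace-separated fields (see the column header)."""
    f = line.split()
    if len(f) != 11:
        raise ValueError(f"unexpected field count {len(f)}: {line!r}")
    chain, action = f[3].split(":", 1)
    return {
        "time": " ".join(f[0:3]),
        "chain": chain,          # INPUT, INPUTFW or FORWARD
        "action": action,        # DROP in every line of the post
        "iface": f[4],
        "proto": f[5].lower(),   # key_tcp / key_udp, spelled as the summary log does
        "src": f[6],
        "sport": int(f[7]),
        "mac": f[8],
        "dst": f[9],
        "dport": int(f[10]),
    }


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def is_broadcast(ip):
    """Limited broadcast or a /24 directed broadcast (a simplification that fits this LAN)."""
    return ip == "255.255.255.255" or ip.endswith(".255")


def summarize(entries):
    """Rebuild the 'Listed by source hosts' view: iface -> src -> Counter of (proto, dport)."""
    out = defaultdict(lambda: defaultdict(Counter))
    for e in entries:
        if e["action"] == "DROP":
            out[e["iface"]][e["src"]][(e["proto"], e["dport"])] += 1
    return out


def format_summary(summary):
    """Render the summary in the same shape as the firewall's own summary log."""
    lines = []
    for iface in sorted(summary):
        total = sum(sum(c.values()) for c in summary[iface].values())
        lines.append(f"Dropped {total} packets on interface {iface}")
        for src, counts in sorted(summary[iface].items()):
            parts = []
            for (proto, dport), n in counts.most_common():
                tag = f" [{WELL_KNOWN[dport]}]" if dport in WELL_KNOWN else ""
                parts.append(f"{n} to {proto}({dport}){tag}")
            n_src = sum(counts.values())
            unit = "packet" if n_src == 1 else "packets"
            lines.append(f"  From {src} - {n_src} {unit}: {', '.join(parts)}")
    return lines


def classify(e):
    """Coarse triage bucket so routine noise can be separated from entries worth a look."""
    if e["iface"] == "lo":
        return "loopback"           # the firewall host talking to itself
    if is_broadcast(e["dst"]):
        return "lan-broadcast"      # DHCP discover, NetBIOS name service, application beacons
    if e["chain"] == "FORWARD":
        return "forward-blocked"    # a LAN host tried to reach another subnet through the box
    return "inbound"                # traffic addressed to the firewall's own interface


def triage(entries):
    return Counter(classify(e) for e in entries)


if __name__ == "__main__":
    entries = parse_log(LOG)
    print("\n".join(format_summary(summarize(entries))))
    print(dict(triage(entries)))
```

Run on the posted lines, the summary shows that 11 of the 15 drops are on br0 and 9 of those come from one host, 192.168.35.79; the triage counter shows 8 of the 15 are LAN broadcasts and 2 are loopback, which is the kind of background chatter a default-deny policy logs all day. The entries left over after that split (the three FORWARD drops toward 192.168.2.2:161 and the two TCP drops arriving on eth1) are the ones an administrator would normally read individually.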