EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Sunday 01 December 2024, 02:54:48 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Visit the Official Endian Bug tracker
HERE
14261
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
General Support
Need help Interpreting firewall logs
0 Members and 1 Guest are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: Need help Interpreting firewall logs (Read 10395 times)
jpgillivan
Full Member
Offline
Posts: 31
Need help Interpreting firewall logs
«
on:
Friday 29 May 2009, 01:19:52 am »
I need some advice on interpreting the firewall logs.
What does this really tell me and what to interpret from the log...
On the second item i copied a very short list. the actual log is much, much longer. Is this typical?
First item, Summary log:
Listed by source hosts:
Dropped 25 packets on interface br0
From 192.168.35.25 - 6 packets to key_udp(1947)
From 192.168.35.36 - 1 packet to key_udp(138)
From 192.168.35.72 - 1 packet to key_udp(138)
From 192.168.35.73 - 3 packets to key_udp(137)
Second item, firewall log:
Time Chain Iface Proto Source Src port MAC address Destination Dst port
May 28 11:05:26 INPUT:DROP lo KEY_TCP
127.0.0.1
9999 :::::
127.0.0.1
49918
May 28 11:05:29 INPUTFW:DROP br0 KEY_UDP
192.168.35.79
64557 ff:ff:14:00:03:00
255.255.255.255
34447
May 28 11:05:31 FORWARD:DROP br0 KEY_UDP
192.168.35.79
55837 ff:ff:14:00:03:00
192.168.2.2
161
May 28 11:05:33 INPUTFW:DROP br0 KEY_UDP
192.168.35.79
64558 ff:ff:14:00:03:00
255.255.255.255
34447
May 28 11:05:37 INPUT:DROP eth1 KEY_TCP
24.95.68.234
2620 ff:ff:14:00:03:00
12.171.236.66
8010
May 28 11:05:39 INPUTFW:DROP br0 KEY_UDP
192.168.35.201
68 ff:ff:14:00:03:00
255.255.255.255
67
May 28 11:05:40 INPUT:DROP eth1 KEY_TCP
24.95.68.234
2620 ff:ff:14:00:03:00
12.171.236.66
8010
May 28 11:05:45 INPUTFW:DROP br0 KEY_UDP
192.168.35.7
68 ff:ff:14:00:03:00
255.255.255.255
67
May 28 11:05:49 INPUT:DROP lo KEY_TCP
127.0.0.1
9999 :::::
127.0.0.1
39093
May 28 11:05:53 INPUTFW:DROP br0 KEY_UDP
192.168.35.79
64563 ff:ff:14:00:03:00
255.255.255.255
34447
May 28 11:05:59 INPUTFW:DROP br0 KEY_UDP
192.168.35.79
60141 ff:ff:14:00:03:00
255.255.255.255
34447
May 28 11:06:03 INPUTFW:DROP br0 KEY_UDP
192.168.35.79
60142 ff:ff:14:00:03:00
255.255.255.255
34447
May 28 11:06:09 INPUTFW:DROP br0 KEY_UDP
192.168.35.79
137 ff:ff:14:00:03:00
192.168.35.255
137
May 28 11:06:10 FORWARD:DROP br0 KEY_UDP
192.168.35.79
55837 ff:ff:14:00:03:00
192.168.2.2
161
May 28 11:06:12 FORWARD:DROP br0 KEY_UDP
192.168.35.79
55837 ff:ff:14:00:03:00
192.168.2.2
161
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.051 seconds with 18 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com