Author Topic: Need help Interpreting firewall logs  (Read 10196 times)
jpgillivan (Full Member, 31 posts)
« on: Friday 29 May 2009, 01:19:52 am »

I need some advice on interpreting the firewall logs. 

What does this really tell me, and what should I interpret from the log?
On the second item I copied a very short list. The actual log is much, much longer. Is this typical?

First item, summary log:
Listed by source hosts:
 Dropped 25 packets on interface br0
   From 192.168.35.25 - 6 packets to key_udp(1947)
   From 192.168.35.36 - 1 packet to key_udp(138)
   From 192.168.35.72 - 1 packet to key_udp(138)
   From 192.168.35.73 - 3 packets to key_udp(137)


Second item, firewall log:
Time             Chain         Iface  Proto    Source          Src port  MAC address        Destination      Dst port
May 28 11:05:26  INPUT:DROP    lo     KEY_TCP  127.0.0.1       9999      :::::              127.0.0.1        49918
May 28 11:05:29  INPUTFW:DROP  br0    KEY_UDP  192.168.35.79   64557     ff:ff:14:00:03:00  255.255.255.255  34447
May 28 11:05:31  FORWARD:DROP  br0    KEY_UDP  192.168.35.79   55837     ff:ff:14:00:03:00  192.168.2.2      161
May 28 11:05:33  INPUTFW:DROP  br0    KEY_UDP  192.168.35.79   64558     ff:ff:14:00:03:00  255.255.255.255  34447
May 28 11:05:37  INPUT:DROP    eth1   KEY_TCP  24.95.68.234    2620      ff:ff:14:00:03:00  12.171.236.66    8010
May 28 11:05:39  INPUTFW:DROP  br0    KEY_UDP  192.168.35.201  68        ff:ff:14:00:03:00  255.255.255.255  67
May 28 11:05:40  INPUT:DROP    eth1   KEY_TCP  24.95.68.234    2620      ff:ff:14:00:03:00  12.171.236.66    8010
May 28 11:05:45  INPUTFW:DROP  br0    KEY_UDP  192.168.35.7    68        ff:ff:14:00:03:00  255.255.255.255  67
May 28 11:05:49  INPUT:DROP    lo     KEY_TCP  127.0.0.1       9999      :::::              127.0.0.1        39093
May 28 11:05:53  INPUTFW:DROP  br0    KEY_UDP  192.168.35.79   64563     ff:ff:14:00:03:00  255.255.255.255  34447
May 28 11:05:59  INPUTFW:DROP  br0    KEY_UDP  192.168.35.79   60141     ff:ff:14:00:03:00  255.255.255.255  34447
May 28 11:06:03  INPUTFW:DROP  br0    KEY_UDP  192.168.35.79   60142     ff:ff:14:00:03:00  255.255.255.255  34447
May 28 11:06:09  INPUTFW:DROP  br0    KEY_UDP  192.168.35.79   137       ff:ff:14:00:03:00  192.168.35.255   137
May 28 11:06:10  FORWARD:DROP  br0    KEY_UDP  192.168.35.79   55837     ff:ff:14:00:03:00  192.168.2.2      161
May 28 11:06:12  FORWARD:DROP  br0    KEY_UDP  192.168.35.79   55837     ff:ff:14:00:03:00  192.168.2.2      161
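The summary log in the post is just the firewall log rolled up per interface, source host and destination port. The script below, an added example that is neither from the original post nor from Endian's own code, does that roll-up over the rows the poster pasted and tags each drop as loopback, broadcast or unicast, which is the first split a practitioner makes when deciding whether a long drop log is noise (clients broadcasting for DHCP, NetBIOS name service, SNMP pollers) or something to chase. It assumes each exported row carries the nine columns of the table as whitespace-separated fields (the date counts as two), which is an assumption about the export, not a documented Endian format; the sample rows are constructed from the post, and the "x.y.z.255 is a broadcast" rule assumes /24 subnets.

```python
"""Roll Endian Firewall "firewall log" rows up into the per-host summary.

Added example, not code from the original post or from Endian.  Assumes each
row has the nine table columns as whitespace-separated fields (date = 2
fields, so 11 fields per row); that layout is an assumption about the export.
"""
from collections import Counter, defaultdict

# Constructed sample: the rows from the post, one record per line.
SAMPLE_LOG = """\
May 28 11:05:26 INPUT:DROP   lo   KEY_TCP 127.0.0.1      9999  :::::             127.0.0.1       49918
May 28 11:05:29 INPUTFW:DROP br0  KEY_UDP 192.168.35.79  64557 ff:ff:14:00:03:00 255.255.255.255 34447
May 28 11:05:31 FORWARD:DROP br0  KEY_UDP 192.168.35.79  55837 ff:ff:14:00:03:00 192.168.2.2     161
May 28 11:05:33 INPUTFW:DROP br0  KEY_UDP 192.168.35.79  64558 ff:ff:14:00:03:00 255.255.255.255 34447
May 28 11:05:37 INPUT:DROP   eth1 KEY_TCP 24.95.68.234   2620  ff:ff:14:00:03:00 12.171.236.66   8010
May 28 11:05:39 INPUTFW:DROP br0  KEY_UDP 192.168.35.201 68    ff:ff:14:00:03:00 255.255.255.255 67
May 28 11:05:40 INPUT:DROP   eth1 KEY_TCP 24.95.68.234   2620  ff:ff:14:00:03:00 12.171.236.66   8010
May 28 11:05:45 INPUTFW:DROP br0  KEY_UDP 192.168.35.7   68    ff:ff:14:00:03:00 255.255.255.255 67
May 28 11:05:49 INPUT:DROP   lo   KEY_TCP 127.0.0.1      9999  :::::             127.0.0.1       39093
May 28 11:05:53 INPUTFW:DROP br0  KEY_UDP 192.168.35.79  64563 ff:ff:14:00:03:00 255.255.255.255 34447
May 28 11:05:59 INPUTFW:DROP br0  KEY_UDP 192.168.35.79  60141 ff:ff:14:00:03:00 255.255.255.255 34447
May 28 11:06:03 INPUTFW:DROP br0  KEY_UDP 192.168.35.79  60142 ff:ff:14:00:03:00 255.255.255.255 34447
May 28 11:06:09 INPUTFW:DROP br0  KEY_UDP 192.168.35.79  137   ff:ff:14:00:03:00 192.168.35.255  137
May 28 11:06:10 FORWARD:DROP br0  KEY_UDP 192.168.35.79  55837 ff:ff:14:00:03:00 192.168.2.2     161
May 28 11:06:12 FORWARD:DROP br0  KEY_UDP 192.168.35.79  55837 ff:ff:14:00:03:00 192.168.2.2     161
"""

# Well-known port assignments, used only to annotate the summary lines.
PORT_HINTS = {
    ("udp", 67): "DHCP server (client broadcasting for a lease)",
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram service",
    ("udp", 161): "SNMP",
}


def parse_log(text):
    """Turn exported rows into dicts; header and malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 11 or ":" not in f[3]:
            continue
        chain, action = f[3].split(":", 1)          # "INPUTFW:DROP" -> chain, action
        entries.append({
            "time": " ".join(f[0:3]),
            "chain": chain,
            "action": action,
            "iface": f[4],
            "proto": f[5].split("_", 1)[-1].lower(),  # "KEY_UDP" -> "udp"
            "src": f[6],
            "sport": int(f[7]),
            "mac": f[8],
            "dst": f[9],
            "dport": int(f[10]),
        })
    return entries


def classify(entry):
    """Loopback, broadcast or unicast.  Treating any x.y.z.255 as a directed
    broadcast assumes /24 subnets (an assumption made for this example)."""
    if entry["src"].startswith("127."):
        return "loopback"
    if entry["dst"] == "255.255.255.255" or entry["dst"].endswith(".255"):
        return "broadcast"
    return "unicast"


def summarize(entries, action="DROP"):
    """Per interface, count packets keyed by (source, proto, destination port)."""
    per_iface = defaultdict(Counter)
    for e in entries:
        if e["action"] == action:
            per_iface[e["iface"]][(e["src"], e["proto"], e["dport"])] += 1
    return per_iface


def render(per_iface):
    """Lines in the shape of the summary log, busiest interface first."""
    lines = []
    for iface, counts in sorted(per_iface.items(), key=lambda kv: -sum(kv[1].values())):
        lines.append(f"Dropped {sum(counts.values())} packets on interface {iface}")
        for (src, proto, dport), n in counts.most_common():
            hint = PORT_HINTS.get((proto, dport))
            note = f"  # {hint}" if hint else ""
            unit = "packet" if n == 1 else "packets"
            lines.append(f"   From {src} - {n} {unit} to key_{proto}({dport}){note}")
    return lines


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("\n".join(render(summarize(entries))))
    print("\nby kind:", dict(Counter(classify(e) for e in entries)))
```

Run over the poster's rows, it reports 11 drops on br0, of which 8 are broadcasts (DHCP discovers on 67, a NetBIOS name query to the subnet broadcast, and an unknown UDP broadcast to port 34447 from 192.168.35.79), 3 are SNMP polls from the same host to 192.168.2.2 that the FORWARD chain blocked, and the two eth1 entries are one outside host retrying TCP 8010. That split, not the raw line count, is what tells you whether a long log is typical.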