Fedora Linux Support Community & Resources Center
  #1  
Old 3rd February 2008, 06:02 AM
biggsk Offline
Registered User
 
Join Date: Aug 2007
Location: The Bay, Florida
Age: 33
Posts: 194
Question about messages logs

Anyone out there know how to make these entries stop showing up in my /var/log/messages?


Feb 2 23:47:49 server kernel: Inbound IN=eth0 OUT= MAC=00:07:95:e6:c9:6e:00:13:72:e8:bf:f9:08:00 SRC=192.168.1.191 DST=192.168.1.192 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=58697 PROTO=UDP SPT=1746 DPT=53 LEN=40


Thanks
__________________
Dell Inspirion 1520
Intel® Pentium® Dual-Core Mobile Processor T2370
4GB, DDR2, 667MHz
250GB 5400RPM SATA Hard Drive
Intel Integrated Graphics Media Accelerator 3100
Dell Wireless 1395 802.11g Mini Card

My tech blog(s):
http://blog.biggsenterprises.net

  #2  
Old 3rd February 2008, 06:43 AM
Hlingler Offline
Administrator
 
Join Date: Sep 2006
Location: Connellsville, PA, USA
Posts: 11,294
Hello:

IIRC, you would want to edit /etc/syslog.conf to specify a higher level at which to log info. Don't know what default is. Lowest level (log all activity whatsoever) is debug (?), next is info, then notice, then warn, error, critical, and none (=don't bother me). Sounds like you probably don't want to see anything below warn, so:

[...]
*.warn;mail.none;authpriv.none;cron.none /var/log/messages
[...]

Consult man syslog for clarification/verification of these levels, etc.

Regards,
V
  #3  
Old 3rd February 2008, 06:46 AM
lmo Offline
Registered User
 
Join Date: Mar 2007
Posts: 1,046
I vaguely remember once having set up a system so that the network traffic was getting dumped into /var/log/messages.
I don't know how I got it set up that way, but I think I eventually got it to stop with help from man pages for
syslog
syslog.conf
klogd

It might also have something to do with iptables.
One thing to look at is the command:
iptables -L

I do not remember the specifics, but I think it is possible to put specific log traffic into a different file than messages.

As an example, I modified my /etc/syslog.conf so that gconfd "spam" goes to /var/log/user instead of /var/log/messages
Code:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;user.none      /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

# gconfd ?
user.*                                                  /var/log/user
Maybe there is a way to redirect IP traffic logs too.
Or maybe there is a way to avoid logging it.
On my system which doesn't have any custom iptables, it doesn't log those kinds of messages.
  #4  
Old 3rd February 2008, 07:57 AM
Evil_Bert Offline
Retired Again - Administrator
 
Join Date: Nov 2007
Location: 'straya
Posts: 3,289
The message refers to a firewall event (from the kernel netfilter) - blocked traffic is logged by default, and I assume that this is so in your setup - it looks like netfilter blocked a DNS lookup from 192.168.1.191 to 192.168.1.192. (Actually, the fields in the message don't look completely correct, but I don't know what your setup is).

As advised above, you can change both the level of logging and the file/destination to which logged data is written. If you generate a new log file, don't forget to add it to logrotate so that new log files are created and old ones archived: see "man logrotate" for more info.

But do you really need to change that setup (i.e. logging firewall messages)? There may be applications that expect to find certain data in certain logfiles, e.g. firestarter's status GUI expects to find firewall events in /var/log/messages, and it is not configurable in that respect.

It may be better to leave /var/log/messages alone and copy data of interest to other specific logs you create (duplicate logs via syslog.conf) - that way, you won't risk breaking any applications down the track.

To view system log files, if you're not already doing so, you can use gnome-system-log; it has a simple text filter to help isolate messages of interest (e.g. you could use "eth0" to isolate network-related data in /var/log/messages).
__________________
Marching to the beat of his own conundrum.

Last edited by Evil_Bert; 3rd February 2008 at 08:00 AM.
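
The log line from the first post, decoded field by field and tallied by source and destination port, as an added example that is not part of the original thread. The names `parse` and `summarize` are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# SAMPLE[0] is the line from the first post; the other three are constructed.
_HDR = ("IN=eth0 OUT= MAC=00:07:95:e6:c9:6e:00:13:72:e8:bf:f9:08:00 "
        "SRC=192.168.1.191 DST=192.168.1.192 ")
SAMPLE = [
    "Feb 2 23:47:49 server kernel: Inbound " + _HDR +
    "LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=58697 PROTO=UDP SPT=1746 DPT=53 LEN=40",
    "Feb 2 23:47:50 server kernel: Inbound " + _HDR +
    "LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=58698 PROTO=UDP SPT=1747 DPT=53 LEN=40",
    "Feb 2 23:48:02 server kernel: Inbound " + _HDR +
    "LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=58701 DF PROTO=TCP SPT=1750 DPT=22 "
    "WINDOW=65535 RES=0x00 SYN URGP=0",
    "Feb 2 23:48:10 server kernel: eth0: link up, 100Mbps, full-duplex",
]

# Text between "kernel: " and "IN=" is the prefix set on the logging rule.
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kernel: "
                  r"(?P<prefix>.*?)\s*(?P<body>IN=.*)$")

def parse(line):
    """Return a dict of fields for a netfilter LOG line, or None for other lines."""
    m = LINE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"], "flags": []}
    for tok in m["body"].split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(key)       # bare tokens such as DF or SYN
        elif key == "LEN" and "LEN" in rec:
            rec["L4_LEN"] = val            # second LEN is the UDP length
        else:
            rec[key] = val                 # "OUT=" yields an empty string
    mac = rec.get("MAC", "").split(":")
    if len(mac) == 14:                     # dst MAC + src MAC + EtherType
        rec["MAC_DST"] = ":".join(mac[:6])
        rec["MAC_SRC"] = ":".join(mac[6:12])
        rec["ETHERTYPE"] = "".join(mac[12:])   # 0800 = IPv4
    return rec

def summarize(lines):
    """Count firewall log lines per (prefix, source, protocol, destination port)."""
    counts = Counter()
    for rec in filter(None, map(parse, lines)):
        counts[(rec["prefix"], rec.get("SRC"), rec.get("PROTO"), rec.get("DPT"))] += 1
    return counts
```

Running `summarize` over /var/log/messages shows which hosts and ports produce most of the firewall entries before deciding whether to reroute or suppress them.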
  #5  
Old 3rd February 2008, 05:13 PM
biggsk Offline
Registered User
 
Join Date: Aug 2007
Location: The Bay, Florida
Age: 33
Posts: 194
Thanks all for your quick replies!