Software :: Syslog-ng Redirect "martian Source"?
Oct 11, 2010
Nothing worse than finding old docs: [URL] I would like to redirect "martian source". I have added:
Code:
filter f_martian { facility(kern) and match('^martian source'); };
filter f_console { level(warn) and facility(kern) and not filter(f_iptables)
[code]....
View 5 Replies
May 20, 2011
Some time ago my logs started to show this message:
Apr 23 11:03:01 xxxxx kernel: [38048596.800691] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:03:01 xxxxx kernel: [38048596.800691] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
Apr 23 11:15:02 xxxxx kernel: [38049523.750307] martian source 192.168.0.87 from 217.15.41.137, on dev eth1
[code]...
View 2 Replies
Mar 24, 2010
There is a cable plugged in to the second network card, but that interface is not configured. I'm getting a lot of "martian source" alerts because of this. If the interface eth1 isn't started because it isn't configured, why am I getting these messages?
View 2 Replies
Dec 11, 2010
I am looking for an open source syslog server which accumulates each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng, which is not fulfilling my requirement for Windows clients, as I need the logs of every action which the user performed after logon.
View 2 Replies
Jan 25, 2010
I am trying to generate a UDP syslog packet from my C application. But I am facing a problem with a Cisco Router ACE that does not like the Source Port being '0' and thus drops the packet. How can I specify the Source Port in the UDP header to '514' as stated in RFC3164 (Section 2: Transport Layer Protocol)? "It is RECOMMENDED that the source port also be 514 to indicate that the message is from the syslog process of the sender"
View 1 Replies
Jul 23, 2011
My network is
PC1 -- (NIC1,10.1.1.x) Linux (NIC2,10.1.2.x) -- Server 1 (HTTP/FTP)
My question is
In the linux system, can I change the PC1 source port from 20000 to 30000? For example
PC1(sport:20000,dport:80)---Linux-- (sport:30000,dport:80)--- Server 1 (HTTP/FTP)
View 2 Replies
May 3, 2011
I'm currently using a homemade Python script to parse script kiddie IP addresses from logfiles. To this point, I've simply been DROPping any requests from these IPs using iptables. I thought it might be fun to redirect their traffic back to them, but as I am not an expert at iptables, I was wondering if I should use FORWARD or PREROUTING.
View 7 Replies
May 21, 2010
I have an old PC running an older version of linux with two network cards serving as my firewall router. The network cards are netgear 310tx cards. Noticed traffic was not getting routed at times. Figured my switch was going bad, so I hooked up an old hub to keep key systems communicating while I get a new switch. No problems with hub, but only has 5 ports.
Get new switch (different make/model from old one), install, a couple of my systems have connectivity problems, but others do not. Thinking it was a bad switch, returned it, got a new one just like my old one (which I thought was going bad, but worked for several years). Hook it up, paying attention to my firewall console and notice martian header messages. Network traffic not getting routed at all. The interface connected to the LAN was slow to get started (my firewall can communicate to the Internet, but LAN communication was hosed).
System would "hang" spitting out martian header messages until I disconnected LAN cable. Thinking network card may be bad, replaced it with another version of the same type. Same problems: martian header messages and traffic not getting routed.
HOWEVER, if I remove the switch and use my old hub, no problems. Networking appears to work for all systems connected to hub. Since I and my wife work from home, I'm using the hub right now (with non-essential systems not connected due to limited ports). I can only do any real experimentation at night.
I have no idea why things would work differently between using a hub vs a switch. Could something have gone awry with the linux kernel (2.4.20-46.7)?
View 2 Replies
May 5, 2009
trying to replace syslog with syslog-ng. When I:
yum erase syslog,
wants to remove everything else that (presumably) has syslog as a dependency. how do I replace the dependency on syslog with a dependency on syslog-ng?
View 3 Replies
Oct 7, 2010
I noticed in my system that my root partition is getting full. I found a lot of old compacted syslog files. Had a look at etc/sysconfig editor, e.g. cron, but could not find a setting which allows deleting files older than a month. Where and how could I influence this? I manually deleted all syslog files older than a month. Approx 6GB.
View 9 Replies
Mar 9, 2011
I am trying to grep multiple numbers from a file; grep does have the -f option for that.
Code:
grep -f <`seq 500 520` /etc/passwd
I know this could be done with
Code:
for i in `seq 500 520`; do grep "$i" /etc/passwd; done
But my question goes far beyond this example. Is it possible to redirect one command's output so that it will be treated as the content of a file for another command?
View 2 Replies
Jun 28, 2011
Is there any open source virtual machine so I can study the source in order to create my own? I'm gonna write my own, so it doesn't matter if the license does not allow further development of the code.
View 1 Replies
Apr 11, 2011
I am already a little bit familiar with linux and now I want to know the linux OS better. I have downloaded the source code of the kernel from kernel.org and I don't understand the linux source tree's organization, so can somebody do me a favor and give me a link to some internet page (or at least a book) that explains that? I have searched the internet with the tag "linux source trees organization" and I have not found anything interesting.
View 1 Replies
Jan 2, 2009
We all know we can install a linux system such as Fedora 10 and use it. Being linux, one should in principle get the source codes for everything that has been precompiled (except the proprietary drivers such as nvidia) in the installation DVDs/CDs. Where are the source codes ? Is there a place I can download them ?
To avoid confusion, I am not referring to the kernel source that can be compiled to give a linux kernel, but that does not include the drivers, such as intel_drv.so.
To be more specific, the intel graphic i810 driver has been built into any linux system, but where is the exact source? One answer may be the primary source, intellinuxgraphics.com. However, if anyone tries to download the ever-changing (i.e., updated almost every single day) driver source code from freedesktop.org, it is almost certain that the source code will not be the same as the one that is finalized in Fedora 10.
View 9 Replies
Feb 19, 2010
Installed Fedora 12, but don't know how to use the source DVD to install the source package.
View 3 Replies
Sep 12, 2010
I want to see the source code of the smplayer software. From where can I see the source code of open source software?
View 9 Replies
Sep 29, 2010
Recently I had to log in to OS 11.3 via tty, but was unable to. The tty screen was flooded with syslog output. Instead of outputting info only on tty10, it was throwing it on every tty (1-6) I switched to.
How to fix this behaviour and restrict syslog output only to tty10?
View 9 Replies
Jan 15, 2011
I wonder how I can filter the syslog? i.e. there is a message that I don't want to see logged in there etc?
View 3 Replies
Sep 7, 2010
I am configuring syslog-ng on my server.
I suspect something to be wrong.
Is there a tool I can use in the shell to generate a log? So I can check that the log appears in the syslog file.
View 3 Replies
Mar 10, 2010
How to set up syslog server on Fedora 10 Linux server ?
View 1 Replies
Nov 14, 2010
I'm trying to get syslog-ng to log ssh stuff to its own file (later I want it to be forwarded to another server, but that's a later problem).
The thing is that if I restart my syslog-ng server and log in with ssh, it logs it, but when I log in again it doesn't. But if I restart the syslog-ng daemon again it logs again, but only once.
Here is my config.
Code:
View 1 Replies
Oct 5, 2009
I installed syslog-ng-3.0.3-1.rhel5.i386.rpm and at first blush it appears to be working fine to /var/log/messages. However it doesn't seem to be doing any other ancillary logging as defined in syslog-ng.conf (I've had to mod /etc/init.d/syslog-ng to look in /etc). e.g.
destination d_auth { file("/var/log/secure"); };
filter f_filter3 { facility(authpriv); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
I'm using a syslog-ng.conf which has served me well in the past (v1.6.9 on fedora).
View 1 Replies
Sep 17, 2010
Missing Syslog.conf file. First I installed VM Ware. I then installed Debian on a virtual machine which appears to be running fine (except I have no network connectivity), but I digress. The real issue is that there is no syslog.conf in etc directory or anywhere else.
View 8 Replies
Mar 23, 2011
Is there a way to tail a log file and send each line as a syslog event to a remote server?
View 1 Replies
Jan 25, 2011
I have configured /etc/syslog.conf for writing user level log messages, and it is working fine.
The line which I entered is: user.* /home/shekhar/obj/myjob.log
But the log file keeps increasing. I would like to rotate the log file when it reaches 100Kb.
How do I do that in Red Hat Linux?
View 1 Replies
Aug 24, 2009
I wrote a script which will run on an ubuntu box and will display in tty1, without loading the gdm. The problem is when I plug in a usb drive it will cause some messages to be printed into the current tty the user is logged in to.
Like: [sdb] Assuming drive cache: write through
This is really disturbing when a user is running the script. Is there any way that I can direct all the messages to some other tty which I don't use?
View 2 Replies
Feb 6, 2010
How do I get syslog using serial port?
View 2 Replies
Nov 30, 2010
I'm having two problems with remote syslogging with this configuration in syslog.conf:
*.info;authpriv.*;cron.* @myhost.dnsalias.com
As you can see, the logging is made to a host with a dynamic IP, and as soon as the IP changes the logging seems to stop.
Another thing is that it only seems to log the first part (*.info), the other ones don't appear.
View 1 Replies
Jun 29, 2011
I am looking to install syslog-ng on my backtrack5 linux.
View 2 Replies
Feb 10, 2011
I was reading around the web and saw that someone mentioned that the default syslog configuration should be adjusted. Is that true?
View 3 Replies