Save rsyslog data -

Bob Goodwin - Zuni, Virginia, USA bobgoodwin at wildblue.net
Mon Aug 20 16:17:09 UTC 2012


On 20/08/12 12:07, Ed Greshko responds:
> It was my understanding that you were trying to shunt log entries sent by your "router" to a file different than /var/log/messages.
>
> What you are showing are logs generated by your "localhost" that are created by iptables.  You seem to have a rule set up to log entries with "ACCEPT" which is certain to fill up your log files.
>
> I think your "problem" is really in your iptables setup and nothing to do with rsyslog.

Ok, but I have not intentionally done anything to accomplish that. This 
must result from tomato's logging? Its internal log displays:

............  snip  ............

> Aug 20 12:12:09 localhost user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=63002 DF PROTO=TCP SPT=54721 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01CCD3640000000001030307)
> Aug 20 12:12:20 localhost user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=59067 DF PROTO=TCP SPT=54722 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01CCFE5A0000000001030307)
> Aug 20 12:12:31 localhost user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=21891 DF PROTO=TCP SPT=54723 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01CD29A40000000001030307)
> Aug 20 12:12:43 localhost user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=51664 DF PROTO=TCP SPT=54724 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01CD57490000000001030307)
> Aug 20 12:12:54 localhost user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=21828 DF PROTO=TCP SPT=54725 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01CD825D0000000001030307)
> Aug 20 12:13:05 localhost user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=23224 DF PROTO=TCP SPT=54726 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01CDAD260000000001030307)
> Aug 20 12:13:07 localhost user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=173.194.79.108 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1445 DF PROTO=TCP SPT=43864 DPT=995 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01CDB7970000000001030307)
> Aug 20 12:13:16 localhost user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1407 DF PROTO=TCP SPT=54728 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01CDD9630000000001030307)
> Aug 20 12:13:18 localhost user.warn kernel: DROP IN=vlan1 OUT= MAC=20:aa:4b:a5:fe:08:00:a0:bc:22:a0:6e:08:00:45:28:00:30 SRC=95.25.51.103 DST=184.21.222.44 LEN=48 TOS=0x08 PREC=0x20 TTL=103 ID=49610 DF PROTO=TCP SPT=3940 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204
> Aug 20 12:13:21 localhost user.warn kernel: DROP IN=vlan1 OUT= MAC=20:aa:4b:a5:fe:08:00:a0:bc:22:a0:6e:08:00:45:28:00:30 SRC=95.25.51.103 DST=184.21.222.44 LEN=48 TOS=0x08 PREC=0x20 TTL=103 ID=50195 DF PROTO=TCP SPT=3940 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204
> Aug 20 12:13:27 localhost user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=56365 DF PROTO=TCP SPT=54729 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01CE05B80000000001030307)


-- 
http://www.qrz.com/db/W2BOD

box9
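An added example, not part of the original message: one way to see which firewall rule is filling the log is to tally entries in the format shown above by action, interface pair and destination port. The function names are hypothetical and the sample lines are constructed (documentation address ranges), including a DROP line with an empty `OUT=` and a cut-off `OPT (` tail like the ones in the post.

```python
import re
from collections import Counter

# Prefix as shown in the post: "<date> <host> <facility.level> kernel: <ACTION> <fields>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<prio>\S+)\skernel:\s"
    r"(?P<action>[A-Z]+)\s(?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")  # \S* so an empty value such as "OUT=" still parses

def parse_line(line):
    """Return a dict for one firewall log line, or None if it is not one."""
    m = LINE_RE.match(line.lstrip("> ").rstrip())
    if not m:
        return None
    rec = m.groupdict()
    # Drop the TCP options blob; the logger may cut it off mid-value.
    rest = rec.pop("rest").split(" OPT (", 1)[0]
    rec.update((k.lower(), v) for k, v in KV_RE.findall(rest))
    return rec

def summarize(lines):
    """Count entries per (action, in-interface, out-interface, destination port)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            key = (rec["action"], rec.get("in", ""), rec.get("out", ""), rec.get("dpt", ""))
            counts[key] += 1
    return counts

# Constructed sample lines, not copied from the post.
SAMPLE = [
    "Aug 20 12:12:09 localhost user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.0.2.9 DST=198.51.100.130 LEN=60 TTL=63 PROTO=TCP SPT=54721 DPT=80 SYN URGP=0 OPT (020405B4)",
    "> Aug 20 12:12:20 localhost user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.0.2.9 DST=198.51.100.130 LEN=60 TTL=63 PROTO=TCP SPT=54722 DPT=80 SYN URGP=0 OPT (020405B4)",
    "Aug 20 12:13:07 localhost user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.0.2.9 DST=198.51.100.108 LEN=60 TTL=63 PROTO=TCP SPT=43864 DPT=995 SYN URGP=0 OPT (020405B4)",
    "Aug 20 12:13:18 localhost user.warn kernel: DROP IN=vlan1 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.103 DST=198.51.100.44 LEN=48 TTL=103 PROTO=TCP SPT=3940 DPT=445 SYN URGP=0 OPT (0204",
    "Aug 20 12:13:20 localhost daemon.info example: a line that is not from the firewall",
]

if __name__ == "__main__":
    # Most frequent combinations first: these are the rules producing the volume.
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
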


