Date: Mon, 24 Mar 2003 15:50:32 +0000 (GMT)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
To: Darryl Hoar <darryl@osborne-ind.com>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: help with firewall log message
Message-ID: <Pine.GSO.4.44.0303241538130.10520-100000@mail.ilrt.bris.ac.uk>
In-Reply-To: <008401c2f21a$edbbbb10$0701a8c0@darryl>

On Mon, 24 Mar 2003, Darryl Hoar wrote:

> Greetings,
> I am running 4.4-stable on my firewall.
> I have set it up using www.schlacter.com
> as a guide.
>
> I keep getting this message every minute in my
> firewall log.  I need to decipher this and if it's
> normal, quit logging it as it's filling up my
> firewall log.
>
> here's the entry:
>
>
> Mar 24 08:06:43 darryl ipmon[98]: 08:06:42.283459 xl0 @0:3 b
> 10.0.0.1,router ->
> 10.0.0.255,router PR udp len 20 72 IN
>
> what does it mean ?

It's an RIP announcement.

> Also, is there a good reference that would allow a user
> to break down the message and understand it ?

Probably something on the ipfilter web site. The log format looks like
date, machine, process, accurate timestamp, interface, rule, action
taken (from the source), then the 10.0.0.1,router bit which is the
packet detail. In this case "router" is udp port 520 (look it up in
/etc/services) broadcasting (that's the 10.0.0.255). The protocol's udp
and the rest are more packet details.

Your router is probably generating these every 30 seconds or so. You can
either configure it to not do so or ignore this log line.

--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
Donate a signature: http://ioctl.org/jan/sig-submit

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
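
An added example, not part of the original message: a Python parser for the ipmon line quoted above, following the field order the reply gives, for lines that carry source and destination ports. The `SERVICES` table, the /24 netmask and the function names are assumptions; the action letters and the two `len` values (header length, total length) come from ipmon(8), not from this thread.

```python
import re
import ipaddress

# Constructed sample: the log entry quoted in the message, joined onto one line.
SAMPLE = ("Mar 24 08:06:43 darryl ipmon[98]: 08:06:42.283459 xl0 @0:3 b "
          "10.0.0.1,router -> 10.0.0.255,router PR udp len 20 72 IN")

# Field order follows the reply: date, machine, process, timestamp,
# interface, rule, action, then the packet detail.
IPMON_RE = re.compile(
    r"^(?P<date>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+"
    r"(?P<proc>\w+)\[(?P<pid>\d+)\]:\s+(?P<time>[\d:.]+)\s+"
    r"(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S)\s+"
    r"(?P<src>[\d.]+),(?P<sport>\S+)\s+->\s+(?P<dst>[\d.]+),(?P<dport>\S+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?:\s+(?P<dir>IN|OUT))?")

# Minimal stand-in for /etc/services (assumption: only the entry the reply names).
SERVICES = {("router", "udp"): 520}
# Action letters as documented in ipmon(8), not stated in the thread.
ACTIONS = {"p": "pass", "b": "block", "L": "log", "n": "nomatch", "S": "short"}

def parse_ipmon(line):
    """Return a dict of fields, or None if the line is not in this format."""
    m = IPMON_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport"):
        name = rec[key]
        # Ports appear as numbers or as service names; resolve names we know.
        rec[key] = int(name) if name.isdigit() else SERVICES.get((name, rec["proto"]), name)
    rec["action"] = ACTIONS.get(rec["action"], rec["action"])
    return rec

def is_rip_broadcast(rec, lan="10.0.0.0/24"):
    """True for UDP/520 sent to the LAN broadcast address (lan is an assumed netmask)."""
    bcast = ipaddress.ip_network(lan).broadcast_address
    return (rec["proto"] == "udp" and rec["dport"] == 520
            and ipaddress.ip_address(rec["dst"]) == bcast)

if __name__ == "__main__":
    rec = parse_ipmon(SAMPLE)
    print(rec["iface"], rec["action"], rec["src"], "->", rec["dst"], rec["dport"],
          "RIP broadcast" if is_rip_broadcast(rec) else "other")
```

Counting `is_rip_broadcast` hits per source address before dropping them from the log shows whether the announcements all come from the expected router.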