From owner-freebsd-questions@FreeBSD.ORG Tue Sep 18 14:38:19 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2417816A419 for ; Tue, 18 Sep 2007 14:38:19 +0000 (UTC) (envelope-from pmaechler@glattwerk.ch) Received: from mail01.glattnet.ch (mx10.glattnet.ch [80.242.193.210]) by mx1.freebsd.org (Postfix) with ESMTP id 492B113C4D0 for ; Tue, 18 Sep 2007 14:38:17 +0000 (UTC) (envelope-from pmaechler@glattwerk.ch) Received: from GWS050 ([80.242.192.34]) by mail01.glattnet.ch (WELCOME TO GLATTWERK) with ASMTP id XXE71814 for ; Tue, 18 Sep 2007 16:38:14 +0200 From: =?iso-8859-1?Q?M=E4chler_Philippe?= To: Date: Tue, 18 Sep 2007 16:38:13 +0200 Message-ID: <000d01c7fa01$8aac2fc0$3202a8c0@glattwerk.local> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.5709 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 Importance: Normal In-Reply-To: <200709181651.06590.nvass@teledomenet.gr> Subject: RE: IPFW entries in /var/log/messages X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Sep 2007 14:38:19 -0000 Hi Nikos Thanks for your reply. > On Tuesday 18 September 2007 16:05, M=E4chler Philippe wrote: > > Since a few weeks/months we have the following entries in the > > /var/log/messages logfile. > [] > > [/var/log/messages] > > Sep 18 10:23:03 ns2 kernel: .11:2438 out via bge0 > > Sep 18 10:31:35 ns2 kernel: > > Sep 18 10:58:05 ns2 kernel: 80 > > Sep 18 10:58:14 ns2 kernel: <<110>ipfw: 7600 Accept UDP=20 > > 80.242.206.245:55041 80.242.192.81:53 in via bge0 Sep 18=20 > 10:58:14 ns2=20 > > kernel: 110>ipfw: 7700 Accept UDP 80.242.192.81:53=20 > 80.242.204.85:65510=20 > > out via bge0 >=20 > I can think of two things. >=20 > 1) Is anybody playing with logger(1)? > e.g. > logger -t kernel "Let's play with the administrator..." > tail /var/log/messages I fear ist neither of the two things you mentioned [1] /var/log/auth.log does not show an external nor an abnormal login. And I belive that my workmates wont fool me with stuff like this :) > 2) Are these entries new? Are you sure that they refer > to 2007-09? It can happen. Seeing a message from a year back.=20 > Especially on a low maintenance box. [2] These are actual entries. In the meantime i got a few new ones...=20 Sep 18 16:08:18 ns2 kernel: <11<110>ipfw: 7600 Accept UDP 80.242.205.104:50114 80.242.192.81:53 in via bge0 Sep 18 16:08:18 ns2 kernel: 0>ipfw: 7700 Accept UDP 80.242.192.81:53 80.242.205.104:50111 out via bge0 Sep 18 16:09:42 ns2 kernel: b Sep 18 16:13:42 ns2 kernel:=20 Sep 18 16:23:14 ns2 kernel:=20 Sep 18 16:23:24 ns2 kernel: 8 Sep 18 16:30:49 ns2 kernel: =20 > Nikos Philippe