[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: OSSEC log iptables problems (not all are loggued by OSSEC)

To: "ossec-list" <ossec-list@xxxxxxxxxxxxxxxx>
Subject: [ossec-list] Re: OSSEC log iptables problems (not all are loggued by OSSEC)
From: xtz.info@xxxxxxxxx
Date: Thu, 01 Feb 2007 09:03:45 -0800

this are not loggued:

Feb  1 18:00:58 gatlan kernel: DROP FLOOD_ICMP IN=ppp0 OUT= MAC=
SRC=90.19.58.253 DST=90.20.131.158 LEN=60 TOS=0x00 PREC=0x00 TTL=125
ID=41650 PROTO=ICMP TYPE=8 CODE=0 ID=256 SEQ=10241


On Feb 1, 5:53 pm, "xtz.i...@xxxxxxxxx" <dead.but.drea...@xxxxxxxxx>
wrote:
> I have a problem when OSSEC log iptables logFeb  1 17:47:41 gatlan kernel: DROP ICMP_ERROR IN=ppp0 OUT= MAC= SRC=203.141.119.233 DST=90.20.131.158 LEN=94 TOS=0x00 PREC=0x00 TTL=44 ID=59875 PROTO=ICMP TYPE=3 CODE=1 [SRC=90.20.131.158 DST=192.168.11.2 LEN=66 TOS=0x00 PREC=0x00 TTL=43 ID=47914 PROTO=UDP SPT=9689 DPT=4672 LEN=46 ]
> this are loggued, but this:Feb  1 17:51:35 gatlan kernel: DROP SPOOF IN=ppp0 OUT= MAC= SRC=192.168.1.2 DST=90.20.131.158 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=5460 DF PROTO=TCP SPT=4662 DPT=4346 WINDOW=65205 RES=0x00 ACK FIN URGP=0
> are not loggued by OSSEC, i don't not why...

Follow-Ups:
- [ossec-list] Re: OSSEC log iptables problems (not all are loggued by OSSEC)
  - From: Daniel Cid

References:
- [ossec-list] OSSEC log iptables problems (not all are loggued by OSSEC)
  - From: xtz.info@xxxxxxxxx

Prev by Date: [ossec-list] Re: OSSEC log iptables problems (not all are loggued by OSSEC)
Next by Date: [ossec-list] Re: OSSEC log iptables problems (not all are loggued by OSSEC)
Previous by thread: [ossec-list] OSSEC log iptables problems (not all are loggued by OSSEC)
Next by thread: [ossec-list] Re: OSSEC log iptables problems (not all are loggued by OSSEC)
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.